OVERVIEW

Threat researchers with Trend Micro have recently uncovered attacks leveraging exposed instances of the Docker Remote API.

After discovering public-facing Docker API hosts, the attackers attempt to evade detection and other security solutions before deploying a cryptomining payload, hijacking the victim's network resources.

HOW AVERTIUM IS PROTECTING OUR CUSTOMERS

IOCs ADDED TO OUR THREAT FEEDS

NOTE: Avertium is actively searching across all monitored environments for the IoCs listed below. If any are discovered, we will reach out to you directly. If your environment, or portions of it, are not currently being monitored, please reach out to your Service Delivery Manager.


TTPs TO MONITOR

1. T1190: Exploit Public-Facing Application 

Attackers exploit weaknesses in internet-facing applications to gain unauthorized access or control. 

2. T1059: Command and Scripting Interpreter 

Adversaries use command-line interfaces or scripting interpreters to execute malicious commands and scripts.

3. T1078: Valid Accounts 

Attackers use valid user credentials to maintain access or execute attacks within a system. 

4. T1036: Masquerading 

Techniques that disguise malicious processes or files to look legitimate. 

5. T1105: Ingress Tool Transfer 

Attackers download or transfer tools or malware onto a compromised system for further exploitation. 

ADDITIONAL RECOMMENDATIONS

  • Ensure any instances of the Docker Remote Access API are secured with strong access controls
  • Monitor your Docker Remote API servers for unusual activity or unauthorized access
  • Implement a patching program to keep any instances of the Docker Remote Access API up to date
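The first two recommendations in practice, as an added example that is not Avertium's or Docker's own code: a Python check over a Docker `daemon.json` that flags the plaintext, all-interfaces exposure this notice describes and passes a configuration that requires TLS with client certificates. Both configurations, the management address and the certificate paths in them are constructed samples.

```python
"""Audit a Docker daemon.json for Remote API exposure (added example)."""
import json
from urllib.parse import urlsplit

# Constructed sample of the weak setting this notice warns about: the daemon
# also listens on TCP, on every interface, with no TLS at all.
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Constructed sample of the hardened form: TLS with mandatory client
# certificates (tlsverify), bound to one management address. The address
# and certificate paths are placeholders, not taken from any real deployment.
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tls": True,
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

# Host parts that make dockerd accept connections on every interface.
WILDCARD_BINDS = {None, "", "0.0.0.0", "::"}


def audit_daemon_config(raw_json: str) -> list[str]:
    """Return findings about Remote API exposure; an empty list means OK."""
    cfg = json.loads(raw_json)
    findings = []
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return findings  # only the local unix socket: no remote API surface

    tls_verify = bool(cfg.get("tlsverify", False))
    if not tls_verify and not cfg.get("tls", False):
        findings.append("remote API served over plaintext TCP (no 'tls')")
    elif not tls_verify:
        findings.append("'tls' set without 'tlsverify': clients are not authenticated")
    else:
        for key in ("tlscacert", "tlscert", "tlskey"):
            if key not in cfg:
                findings.append(f"'tlsverify' set but '{key}' is missing")

    for host in tcp_hosts:
        if urlsplit(host).hostname in WILDCARD_BINDS:
            findings.append(f"{host} binds every interface; restrict to a management address")
    return findings
```

Running `audit_daemon_config` on the weak sample reports both the missing TLS and the wildcard bind; on the hardened sample it returns no findings.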

ADDITIONAL SERVICE OFFERINGS

  • Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.
  • Security Information and Event Management (SIEM) - Minimizing the impact of a successful ransomware or malware attack requires detecting it as early in the attack as possible. A Security Information and Event Management (SIEM) system can help an organization to accomplish this. Avertium offers a comprehensive SIEM-based approach that increases the potential for detecting a ransomware infection before it deploys. SIEM provides a holistic overview of a company’s IT environment from a single point of view in terms of its specific security events, empowering teams to detect and analyze unusual behavior. 
  • Avertium aligns your Cybersecurity Strategy with your business strategy, ensuring that your investment in security is also an investment in your business. Our Cybersecurity Strategy service includes:  
    • Strategic Security Assessments - Strengthening your security posture begins with knowing where your current program stands (NIST CSF, Security Architecture, Business Impact Analysis, Sensitive Data Inventory, Network Virtualization and Cloud Assessment). 
    • Threat Mapping – Leverage Avertium’s Cyber Threat Intelligence, getting a more informed view of your most likely attack scenarios (Threat Assessment and MITRE ATT&CK). 
    • Cyber Maturity Roadmap - Embrace a comprehensive, quantifiable, and well-organized approach to establishing and continuously enhancing your cybersecurity resilience (Policy + Procedure Development, Virtual CISO (VCISO), Training + Enablement, Tabletop Exercises, and Business Continuity + Disaster Recovery Plan).


SUPPORTING DOCUMENTATION

Attackers Target Exposed Docker Remote API Servers With perfctl Malware 

Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks 
