Skip to main content

Container infrastructure can be exploited in under one hour

cloud
(Image credit: Shutterstock / vs148)

Criminals are having a field day with misconfigured containers, installing cryptocurrency miners and various backdoors without breaking a sweat. According to a new report from Aqua Security Software, it takes less than an hour to compromise vulnerable software container infrastructure. 

As reported by Silicon Angle, attackers are using bots to target misconfigured Docker APIs and are capable of gaining access in roughly 56 minutes.

Most of the time, attackers are looking to install cryptominers, which leverage the available computational power to mine cryptocurrencies. More than 90 percent of the malicious images found executed scripts that hijack computational resources. 

Two in five (40 percent), meanwhile, deployed backdoors that acted as the first step in a multi-stage attack. In these instances, attackers often seek to create new user accounts with elevated privileges, as well as SSH keys for remote access.

Aqua Security also said it found a major campaign that targets the auto-build of SaaS development environments. 

“This has not been a common attack vector in the past, but that will likely change in 2021 because the deployment of detection, prevention and security tools designed to protect the build process during CI/CD flow is still limited within most organizations,” said Assaf Morag, Lead Data Analyst.

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.