A new malware campaign is attacking port 2375 of the open source Docker platform. Port 2375 is the default port Docker opens on localhost to listen for API connections; when an administrator misconfigures the daemon, that port ends up exposed to the Internet. The attack begins with reconnaissance and privilege escalation before the exploit code is executed.
The malware used in this campaign can install cryptocurrency mining software, create backdoors that allow remote access, and carry out other attacks against cloud infrastructure.
Exposed Docker ports are one of the biggest weaknesses, giving attackers an opening to break in and deploy malicious code. These attacks target not only Docker servers but can also extend to other services such as Hadoop YARN and Atlassian Confluence, posing serious security risks for systems built on cloud technology.
Experts recommend that system administrators check and protect Docker's Internet-facing ports, limit access so they are not exposed, and apply security measures such as installing patches, using firewalls, and enforcing strong authentication mechanisms to minimize the risk of attack.
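The check the recommendation above calls for, as an added example that is not part of the Bkav article: a POSIX shell function that reads `ss -ltn` style listening-socket lines and flags any binding of the Docker API port (2375, from the article) to a non-loopback address. The sample socket table is constructed; the `ss` output format and the helper names are assumptions.

```shell
# Added example (not from the article): audit listening sockets for the Docker
# API port and flag every binding that is reachable from outside localhost.
DOCKER_API_PORT=2375

# Constructed sample in `ss -ltn` format: one loopback binding of 2375 (safe),
# an unrelated SSH listener, and an IPv6 wildcard binding of 2375 (exposed).
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:2375      0.0.0.0:*
LISTEN 0      4096   0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    [::]:2375           [::]:*'

# Reads ss-style lines on stdin. Prints each non-loopback binding of the Docker
# API port and returns 1 if any were found, 0 if the port is loopback-only or absent.
check_docker_api_exposure() {
    found=0
    while read -r state recvq sendq laddr peer; do
        [ "$state" = "LISTEN" ] || continue      # skip the header line
        port=${laddr##*:}                         # text after the last colon
        addr=${laddr%:*}                          # text before the last colon
        [ "$port" = "$DOCKER_API_PORT" ] || continue
        case "$addr" in
            127.*|'[::1]') ;;                     # loopback only: not network-reachable
            *) echo "EXPOSED: Docker API port $port bound to $addr"; found=1 ;;
        esac
    done
    return "$found"
}

# Runs the check over the constructed sample so the block works stand-alone.
audit_sample() {
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | check_docker_api_exposure
}

# Live use on a host with iproute2 installed (assumption: `ss` is available):
#   ss -ltn | check_docker_api_exposure || echo "bind 2375 to localhost, or front it with TLS and a firewall"
```

On the constructed sample the function reports the `[::]:2375` binding and returns 1, which is the condition an administrator would treat as an exposed daemon.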
Bkav