It has been reported that a security flaw that provides a backdoor through which Docker containers can be compromised via unsecured remote connections may require IT teams to revisit their approach to DevSecOps.
It has been reported that a security flaw that provides a backdoor through which Docker containers can be compromised via unsecured remote connections may require IT teams to revisit their approach to DevSecOps.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
This type of attack will be fueled by widespread usage of containers and AWS. Hackers are looking for computing power for crypto mining, and they know DevOps environments tend to be low hanging fruit. Default configuration, or should I say misconfiguration, such as enabled Docker remote connections are great for DevOps collaboration but as this attack shows it is against basic security best practices.
Exploiting that vulnerability is easy, can be done remotely, and can even be enhanced by escaping Docker and compromising the host. The solutions are not rocket science; just apply the CIS Docker benchmark in an automated way to your DevOps environment. Keeping your AWS credentials safe with multi-factor authentication and least privilege policies with the CIS AWS benchmark will help for the first phase of the attack. And getting top vulnerability scanning in place to prevent escaping Docker attacks will raise 3 barriers that most crypto miners will not bother to overcome.