LemonDuck is a cryptocurrency mining bot that uses Docker cloud instances to mine cryptocurrency on Linux platforms. The LemonDuck botnet attempts to monetize its efforts, according to the CrowdStrike Cloud Threat Research team, by running concurrent campaigns to mine cryptocurrency such as Monero. According to the researchers, because Docker is commonly used to run container workloads in the cloud, a misconfigured cloud instance can expose a Docker API to the internet. An attacker can then use this API to launch a cryptocurrency miner inside an attacker-controlled container. As cloud use grows across various businesses, attacks like this may become more frequent, according to Dave Cundiff, CISO of Cyvatar. According to Cundiff, Docker and other similar tools are extremely useful in improving day-to-day workflow for businesses to meet the growing demands of their customers. On the other hand, Cundiff believes that administrators often underestimate the need for security in containerized environments.
Containers provide safer environments, but Cundiff warns that “simple misconfigurations might allow these kinds of attacks.” “As demonstrated in the CrowdStrike study, an incorrectly exposed API to the internet allows attackers to exploit the target infrastructure before pivoting internally to other containers. The best first step in defending the environment is to keep your environment clean.”
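One way to check a host for the misconfiguration described above is to audit the Docker daemon's `daemon.json` for TCP listeners that are not protected by client-certificate TLS. This is an added example, not code from CrowdStrike or the article; the function names and the sample configurations are constructed for illustration, and it assumes listeners are set in `daemon.json` rather than on the `dockerd` command line.

```python
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def audit_daemon_json(text):
    """Classify every listener in a dockerd daemon.json 'hosts' list.

    Returns (listener, verdict) pairs; verdict is one of
    'socket', 'mtls', 'loopback-plain' or 'EXPOSED'.
    """
    cfg = json.loads(text)
    # Client-certificate checks need tlsverify plus a CA to verify against.
    mtls = bool(cfg.get("tlsverify")) and bool(cfg.get("tlscacert"))
    results = []
    for listener in cfg.get("hosts", []):
        url = urlsplit(listener)
        if url.scheme != "tcp":
            verdict = "socket"          # unix:// or fd://, not a network port
        elif mtls:
            verdict = "mtls"            # reachable, but clients must present a cert
        elif url.hostname in LOOPBACK:
            verdict = "loopback-plain"  # unauthenticated, local processes only
        else:
            # 0.0.0.0, ::, a routable address, or no host at all (treated
            # conservatively): anyone who can reach the port controls Docker.
            verdict = "EXPOSED"
        results.append((listener, verdict))
    return results

def exposed_listeners(text):
    """Return only the listeners that offer the API without authentication."""
    return [l for l, v in audit_daemon_json(text) if v == "EXPOSED"]

# Constructed sample configurations (not taken from the article).
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        for listener, verdict in audit_daemon_json(doc):
            print(f"{name:9} {listener:32} {verdict}")
```

A clean `daemon.json` does not rule out exposure through `-H` flags in the service unit or through a cloud firewall rule, so those need the same review.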
While Docker provides a high degree of programmability, flexibility, and automation, it has the unintended consequence of increasing the attack surface, according to Ratan Tipirneni, president and CEO of Tigera. This is especially true, according to Tipirneni, as container technologies become more widely used by the mainstream market.