Docker Vulnerability Allows Crypto-Miner Access

If you are running a fleet of virtual machines using the popular containerization solution Docker, you may be in for a nasty surprise. A couple of vulnerabilities have been discovered in Docker, and cyber-criminals have exploited them to run the Monero crypto-currency miner on affected Docker containers. This will of course have a serious impact on performance, and in an environment where billing is usage-based, it will increase your costs.

Security firm Imperva found open ports 2735 and 2735 running on Docker implementations, and of those over 400 were infected with crypto-miners. These are listening ports for APIs that are used to configure Docker containers. Combined with another known vulnerability that affects the container runtime, RunC, running Docker with these ports open leaves those implementations subject to possible compromise. Worse exploits than crypto-mining are possible.

The solution is to update your Docker installations to version 18.09.2 or later. That should fix the problem. You can test your own implementations of Docker for open ports using the popular site Shodan.
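An offline check for the two conditions described above, a Docker release older than 18.09.2 and an API listener on TCP without certificate verification, written as an added example that is not part of the original post. It assumes the listener settings live in `daemon.json` (listeners given on the `dockerd` command line are not covered); the function names and sample inputs are constructed for illustration.

```python
import json
import re

MIN_FIXED = (18, 9, 2)  # the release this post names as fixed

def parse_version(text):
    """Return the leading numeric part of a Docker version string as a tuple."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def audit(daemon_json, server_version):
    """Return a list of findings for one host's daemon.json text and version."""
    findings = []
    if parse_version(server_version) < MIN_FIXED:
        findings.append(f"version {server_version} is older than 18.09.2")
    cfg = json.loads(daemon_json or "{}")
    verify = bool(cfg.get("tlsverify"))  # client certificates required?
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// sockets are not network listeners
        if not verify:
            findings.append(f"{host}: API on TCP without tlsverify")
        addr = host[len("tcp://"):]
        if addr.startswith(("0.0.0.0", ":", "[::]")):
            findings.append(f"{host}: API bound to all interfaces")
    return findings

# Constructed sample inputs (hypothetical hosts, not data from the post).
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

if __name__ == "__main__":
    samples = [("exposed", EXPOSED, "18.06.1-ce"),
               ("hardened", HARDENED, "18.09.2")]
    for name, cfg, ver in samples:
        print(name, audit(cfg, ver) or "no findings")
```

Feed it the contents of each host's `/etc/docker/daemon.json` and the server version that host reports.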

This is an important reminder that virtual machines, whether on hypervisors such as Hyper-V, VMware, or VirtualBox, or on popular container platforms such as Docker or Kubernetes, need to have the same security protections as real machines, including anti-malware software, end-point firewalls, regular patching and updating, and the usual security best practices.

 

 


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com