AESDDoS botnet malware targets Docker containers

News by Robert Abel

Researchers also noticed threat actors abusing a tool called a Docker Batch Test that was developed to detect vulnerabilities in Docker

A newly discovered botnet malware exploits an API misconfiguration in Docker Engine - Community, the open-source version of the Docker DevOps tool, to infiltrate containers and run a variant of the Linux botnet malware AESDDoS, according to a Trend Micro blog post.

"Docker APIs that run on container hosts allow the hosts to receive all container-related commands that the daemon, which runs with root permission, will execute," Trend Micro researchers wrote.

"Allowing external access — whether intentionally or by misconfiguration — to API ports allows attackers to gain ownership of the host, giving them the ability to poison instances running within it with malware and to gain remote access to users’ servers and hardware resources," the blog post noted.

External access to API ports allows attackers to gain ownership of the host, giving them the ability to ultimately gain remote access to users’ servers and hardware resources.


To prevent similar container-based incidents from taking place, researchers recommended users check API configuration, implement the principle of least privilege, follow recommended best practices and employ automated runtime and image scanning to gain further visibility into a container’s processes.
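As an added example (not from the article or from Trend Micro), the following Python script performs the API configuration check the researchers recommend: it reads the Docker daemon's `hosts` list from daemon.json or from a dockerd command line and reports every TCP listener reachable beyond loopback, distinguishing listeners that at least require TLS client certificates (`tlsverify`) from those open to any client. The sample configurations are constructed and the certificate paths in them are placeholders.

```python
import json
import shlex
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample configurations (placeholder paths), not taken from the article.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_DAEMON_JSON = ('{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"], "tlsverify": true,'
                        ' "tlscacert": "/etc/docker/ca.pem", "tlscert": "/etc/docker/server-cert.pem", "tlskey": "/etc/docker/server-key.pem"}')


def _is_loopback(host: str) -> bool:
    """True only when the listener is explicitly bound to a loopback address."""
    try:
        return host == "localhost" or ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name other than localhost: assume it is reachable from outside


def parse_dockerd_cmdline(cmdline: str) -> dict:
    """Reduce a dockerd command line to the daemon.json-style keys the audit uses."""
    cfg = {"hosts": [], "tlsverify": False}
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            cfg["hosts"].append(args[i + 1])
        elif arg.startswith(("-H=", "--host=")):
            cfg["hosts"].append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            cfg["tlsverify"] = True
    return cfg


def audit_config(cfg: dict) -> list:
    """Return one finding per TCP API listener reachable from beyond the host."""
    findings = []
    for entry in cfg.get("hosts", []):
        url = urlsplit(entry if "://" in entry else "tcp://" + entry)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// sockets are local to the host
        host = url.hostname or ""  # an unspecified host is treated as exposed (conservative)
        if _is_loopback(host):
            continue
        where = f"tcp://{host or '*'}:{url.port or 2375}"
        if cfg.get("tlsverify"):
            findings.append(f"{where}: remote API requires TLS client certificates; review who holds them")
        else:
            findings.append(f"{where}: remote API with NO client authentication; any client reaching the port controls the root daemon")
    return findings


def audit_daemon_json(text: str) -> list:
    """Audit the contents of /etc/docker/daemon.json."""
    return audit_config(json.loads(text))
```

Run `audit_config(parse_dockerd_cmdline(...))` against the live `dockerd` process arguments as well as daemon.json, since a `-H` flag in a systemd unit overrides nothing in the file but is easy to overlook.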

This article was originally published on SC Media US.
