Docker containers being exploited by cryptojacking worms. It’s an issue we began to see a couple years ago, and these worms are still alive and kicking. CounterCraft’s founders talk about exactly how this generation of Docker daemon worms are working.
Our threat intel team created an open Docker daemon. We found that the Cetus worm almost immediately located our open Docker daemon and connected to it. Find out how CounterCraft gathered intel on the exploits happening in real time, as well as what the Docker daemon worms’ workings revealed, including the IOCs of TeamTNT and a quirky naming convention.
Watch this video, featuring CounterCraft CSO Dan Brett and CEO David Barroso, to find out more about the exploits we are seeing in the wild with Docker daemon worms.
Read the blog posts about our intel on the Docker daemon worms here:
- – Docker Daemon Worms Are Still Kicking Around
- – Escaping Docker Privileged Containers for Mining Crypto Currencies
- – Malicious Docker Images Still Used for Mining Purposes
Subscribe to our YouTube channel for more great insight.