The ability of cryptocurrency hackers to exploit a security problem has exposed a major vulnerability that haunts container technology.
Docker, an open source project that automates the deployment of code in software containers, has been shown to have a vulnerability in its system, now known as CVE-2019-5736. Its virtualization technology has enabled companies to use application programming interfaces, or APIs, to develop, deploy and execute their applications in containers.
But if companies do not configure Docker adequately or correctly, attackers have a ready path to gain administrative rights on the company's service and install their own software.
“The Docker Remote API is a great way to control your Docker Host, including the automation of the deployment process and control of the state of your containers,” said Vitaly Simonovich of Imperva, the cybersecurity software company. “With this great power comes a great risk: if control enters the wrong hands, your whole network can be in danger.”
And that seems to be exactly what happened for around 400 of the 3,800 Docker hosts that were potentially at risk, according to the Imperva warning. It is a vulnerability that anonymous cryptocurrency hackers are using to their own advantage. Most of the 400 hosts were already mining Monero, an open source cryptocurrency.
“The fault in runc (a light portable container runtime) and Docker that this vulnerability exposes allows an attacker to escape a container and access the underlying file system,” explains Sandra Henry-Stocker on the Network World website.
Monero is considered a desirable target precisely because it uses an obfuscated ledger, which means that its transactions are difficult to trace to a source or a destination. This design gives hackers the opportunity to use Monero funds without being detected.
“During the six-year history of the company, the Docker containers have been downloaded 85 billion times, showing the potential extent of the crypto mining threat,” said Cryptonewsz. “The concern is that hundreds of Docker hosts have been potentially compromised.” If the runc flaw is being used, the website said, it is a sign that administrators have not patched the problem.
Cryptojacking is not the only way that attackers can take advantage of the Docker vulnerability. Access also opens up the potential for masked-IP attacks, phishing campaigns or the deployment of a botnet on the system. But there was no evidence that such attacks have taken place yet.
Fortunately, there is a protection method: the vulnerability in the Docker system cannot be reached if users enable the appropriate security mechanism in Linux, called SELinux, and the most recent versions of Docker, v18.09.2 or later, also fix the flaw. However, the exposure illustrates that any container is only as secure as the Linux system behind it.
“This vulnerability (CVE-2019-5736) shows that container security is Linux security,” said Scott McCarty, main product director for containers at Red Hat. “The same steps that must be taken to better secure a Linux system must be taken with hosts and container images, preferably by building defense layers.”
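The checks described above (Docker v18.09.2 or later, SELinux enabled, and no openly reachable Remote API) can be run across a fleet with a short script. The following is an added example, not code from the article or from Docker: it assumes the three inputs were collected per host from `docker version --format '{{.Server.Version}}'`, `getenforce` and the contents of `/etc/docker/daemon.json`. The host names and sample values are constructed, and the `tlsverify` test is an added assumption about what counts as a protected Remote API.

```python
import json
import re

PATCHED = (18, 9, 2)  # threshold stated in the article: Docker v18.09.2 or later


def parse_version(text):
    """Turn '18.09.1', 'v18.06.1-ce' or '19.03.5+azure' into a comparable tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Docker version: {text!r}")
    return tuple(int(part) for part in m.groups())


def audit_host(docker_version, getenforce_output, daemon_json):
    """Return a list of findings for one host; an empty list means all checks passed."""
    findings = []
    if parse_version(docker_version) < PATCHED:
        findings.append("docker older than 18.09.2: upgrade to get the CVE-2019-5736 fix")
    if getenforce_output.strip().lower() != "enforcing":
        findings.append("SELinux is not enforcing")
    config = json.loads(daemon_json or "{}")
    for host in config.get("hosts", []):
        # unix:// and fd:// sockets are local; tcp:// exposes the Remote API on the network
        if host.startswith("tcp://") and not config.get("tlsverify", False):
            findings.append(f"Remote API listening on {host} without tlsverify")
    return findings


# Constructed sample hosts (not taken from the article or any real system).
SAMPLES = {
    "build-01": ("18.09.1", "Permissive",
                 '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'),
    "prod-02": ("18.09.2", "Enforcing",
                '{"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": true}'),
    "edge-03": ("v18.06.1-ce", "Enforcing", ""),
}

if __name__ == "__main__":
    for name, (version, selinux, cfg) in SAMPLES.items():
        problems = audit_host(version, selinux, cfg)
        print(name, "OK" if not problems else problems)
```

A daemon started with `-H tcp://...` on its command line does not show up in `daemon.json`, so the process arguments need the same check.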
Other programs have had problems with the surreptitious installation of cryptocurrency mining code under the radar, an indication that this type of cryptojacking may be increasing. Microsoft recently removed eight Windows 10 applications from its app store after a security company showed that Monero mining code was present.
“They would have worked by triggering Google Tag Manager in their domain servers to recover a JavaScript library for coin mining,” said Marie Huillet of Cointelegraph. “Once the mining script is activated, the target computer's processor cycles are diverted to mine XMR for application developers.”