Hackers Scan Massive Docker Instances to Mine Crypto

$0.40 tipped


351665157-af43186e61af8df4e1b208b049f926b2a3625b0de9deadac8d96e72c00759a9f.jpeg

Hackers are at it again, looking for vulnerable Docker instances so they can selfishly mine Monero. 

Over the weekend, according to cybersecurity researchers at Bad Packets, what is believed to be a concerted effort to scan for known vulnerabilities in Docker deployments by cyber-criminals.  These massive scans, covering over 59 thousand IP networks, are searching for victims.  When they find a suitable instance, a malicious payload is deployed which includes the crypto-mining engine XMRig that enables the Monero mining for the attacker's benefit.

For those running Docker instances, be sure you are running the latest software and to lock down the network ports. 

Crypto mining-malware is common, but targeting Docker is relatively new as is the scale of such a coordinated scanning tactic to target victims.  As cybercriminals become more organized, this will become the norm.  The time between vulnerability release and massive scanning to find victims will narrow, especially in situations where crypto-mining can be deployed for immediate financial gains.


Matthew Rosenquist
Matthew Rosenquist

Cybersecurity Strategist specializing in the evolution of threats, opportunities, and risks in pursuit of optimal security for our digital world.


Cybersecurity Tomorrow
Cybersecurity Tomorrow

Cybersecurity strategy perspectives for the emerging risks and opportunities of securing our digital world. The insights of today will lead to tomorrow's security, privacy, and safety foundations.

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.