ç™»å½•æŸ¥çœ‹æ›´å¤šå†…å®¹

Cryptomining Malware Moves into Software Containers

Matthew Rosenquist

CISO at Mercury Risk. - Formerly Intel Corp, Cybersecurity Strategist, Board Advisor, Keynote Speaker, 190k followers

å‘å¸ƒæ—¥æœŸ: 2019å¹´10æœˆ18æ—¥

Security researchers at Palo Alto Networks have discovered the Graboid worm that spreads through Docker software containers and mines Monero cryptocurrency for the attackers. This is a new tactic and territory for crypto-mining worms. It is the first time such malware has been detected traversing software containers.

Once a core image repository is infected, anytime the image is pulled and used, the malware goes with it and is spawned to maliciously consume resources for crypto-mining. Traditional security software rarely looks inside containers, so these instances can be active for as long as the container is in use.

Security recommendations:

Make sure the docker engine is not exposed to the internet without proper authentication controls
Use whitelisting where possible to identify and limit allowable incoming traffic sources
Tenaciously protect the software repositories from tampering or infection
Only pull images from trusted repositories
Setup monitoring of images and repositories to detect if they have been modified or acting in unauthorized ways

Nathan Ramirez

Assistant Vice President Technical Engineer II

5 å¹´

Thank you for the information

èµž

å›žå¤

Peter Rung

CyberSecurity - Open to new opportunities

5 å¹´

Nice list Matt! IMHO, letâ€™s consider some old fashioned defensive programming added. Self monitoring software of changes to the containers could be added as #6! If valid data changes were made by the software, then the non-tampered checksum should adjust. If under monitoring logic or data changed in expectantly, then the software should terminate and not be allowed to restart without a deep inspection.

èµž

å›žå¤

1 æ¬¡å›žåº”

Evgeniy S.

Developing digital solutions for E-learning | AI/ML/DS @Aristek Systems Baltic

5 å¹´

Well....

èµž

å›žå¤

Danny Rogers

Rapscallion and Cyber Security Researcher

5 å¹´

Seems like his advice is spot on best practice but perhaps a security tool to help monitor those changes would help also. Something like Twistlock or Aquasec would help.

èµž

å›žå¤

1 æ¬¡å›žåº”

Jon G Shende

5 å¹´

Matthew Rosenquist?to the point, nice!

èµž

å›žå¤

1 æ¬¡å›žåº”

æŸ¥çœ‹æ›´å¤šè¯„è®º

è¦æŸ¥çœ‹æˆ–æ·»åŠ è¯„è®ºï¼Œè¯·ç™»å½•

Matthew Rosenquistçš„æ›´å¤šæ–‡ç«

Immutable Cybersecurity Law #12

2025å¹´3æœˆ17æ—¥

Immutable Cybersecurity Law #12

â€œNever underestimate the simplicity of the attackers, nor the gullibility of the victims.â€ Cyberattacks donâ€™t alwaysâ€¦

6 æ¡è¯„è®º
Boards Challenged to Embrace Cybersecurity Oversight

2025å¹´3æœˆ13æ—¥

Boards Challenged to Embrace Cybersecurity Oversight

Cybersecurity failures are now business risks that CEOs and Boards must own. The world of business owners, investorsâ€¦

11 æ¡è¯„è®º
The CISO Transformation â€“ A Path to Business Leadership

2025å¹´2æœˆ25æ—¥

The CISO Transformation â€“ A Path to Business Leadership

From Risk Hero to Business Superhero The Chief Information Security Officer (CISO) position is on the precipice ofâ€¦

37 æ¡è¯„è®º
Healthcare Crisis Emerges: Cybersecurity Vulnerabilities in Patient Monitors Confirmed by FDA

2025å¹´1æœˆ31æ—¥

Healthcare Crisis Emerges: Cybersecurity Vulnerabilities in Patient Monitors Confirmed by FDA

For over a decade, we warned the healthcare industry this was coming. They ignored us.

23 æ¡è¯„è®º
10 Cybersecurity Predictions for 2025

2025å¹´1æœˆ20æ—¥

10 Cybersecurity Predictions for 2025

The cybersecurity landscape is poised for transformation in 2025. The rapid evolution of technology, coupled with theâ€¦

17 æ¡è¯„è®º
The CISO's Role: Evolving Expectations In Cybersecurity

2024å¹´12æœˆ30æ—¥

The CISO's Role: Evolving Expectations In Cybersecurity

CISOPlatform Fireside Chat - with Matthew Rosenquist The rapidly evolving expectations of cybersecurity are pushingâ€¦

5 æ¡è¯„è®º
Time of Reckoning â€“ Reviewing My 2024 Cybersecurity Predictions

2024å¹´12æœˆ13æ—¥

Time of Reckoning â€“ Reviewing My 2024 Cybersecurity Predictions

The brutal reality is that cybersecurity predictions are only as valuable as their accuracy. As 2024 comes to a closeâ€¦

7 æ¡è¯„è®º
The Dark Side of Microsoftâ€™s New Voice Cloning Feature: Innovation Enabling Risk

2024å¹´11æœˆ28æ—¥

The Dark Side of Microsoftâ€™s New Voice Cloning Feature: Innovation Enabling Risk

Microsoft will release a new Teams feature that allows users to clone their voice so the system can translate theirâ€¦

8 æ¡è¯„è®º
Is Cyber Threat Intelligence Worthless?

2024å¹´11æœˆ22æ—¥

Is Cyber Threat Intelligence Worthless?

I was recently asked â€œWhat do intelligence reports do? They appear worthless!â€ I found the question both funny andâ€¦

24 æ¡è¯„è®º
Are Leaders Ready to Break the Ransomware Cycle

2024å¹´10æœˆ21æ—¥

Are Leaders Ready to Break the Ransomware Cycle

It is good to see US government leaders realize that ransomware is a growing existential threat to our country, at theâ€¦

8 æ¡è¯„è®º

See all articles

Cryptomining Malware Moves into Software Containers

Matthew Rosenquist

CISO at Mercury Risk. - Formerly Intel Corp, Cybersecurity Strategist, Board Advisor, Keynote Speaker, 190k followers

Security recommendations:

Matthew Rosenquistçš„æ›´å¤šæ–‡ç«

ç¤¾åŒºæ´žå¯Ÿ

å…¶ä»–ä¼šå‘˜ä¹Ÿæµè§ˆäº†

Fodcha DDoS Botnet Resurfaces with New Capabilities

Attacks, Vulnerabilities and Actors 19 June to 25 June 2023

Attacks, Vulnerabilities and Actors 3 July to 9 July 2023

Your Weekly CyberSec Digest

Your weekly Cybsersec Digest

#cybersecurity news summary

#cybersecurity new summary

[July 2022, Issue II] Newly Discovered Orbit Malware Creates Stealthy Backdoor on Linux Devices

Jan. 26 Cyber News

Fake DeepSeek Campaign: macOS Users Targeted by Poseidon Malware

Security recommendations:

Matthew Rosenquistçš„æ›´å¤šæ–‡ç«

Immutable Cybersecurity Law #12

Boards Challenged to Embrace Cybersecurity Oversight

The CISO Transformation â€“ A Path to Business Leadership

Healthcare Crisis Emerges: Cybersecurity Vulnerabilities in Patient Monitors Confirmed by FDA

10 Cybersecurity Predictions for 2025

The CISO's Role: Evolving Expectations In Cybersecurity

Time of Reckoning â€“ Reviewing My 2024 Cybersecurity Predictions

The Dark Side of Microsoftâ€™s New Voice Cloning Feature: Innovation Enabling Risk

Is Cyber Threat Intelligence Worthless?

Are Leaders Ready to Break the Ransomware Cycle

ç¤¾åŒºæ´žå¯Ÿ

å…¶ä»–ä¼šå‘˜ä¹Ÿæµè§ˆäº†

Fodcha DDoS Botnet Resurfaces with New Capabilities

Attacks, Vulnerabilities and Actors 19 June to 25 June 2023

Attacks, Vulnerabilities and Actors 3 July to 9 July 2023

Your Weekly CyberSec Digest

Your weekly Cybsersec Digest

#cybersecurity news summary

#cybersecurity new summary

[July 2022, Issue II] Newly Discovered Orbit Malware Creates Stealthy Backdoor on Linux Devices

Jan. 26 Cyber News

Fake DeepSeek Campaign: macOS Users Targeted by Poseidon Malware

å…¶ä»–ä¼šå‘˜ä¹Ÿæµè§ˆäº†