
Misconfigured Docker API endpoints allow attackers to deliver DDoS botnet agent

November 14, 2023


A new attack campaign deploys malicious container images on cloud servers by exploiting insecure Docker Engine API endpoints. The malicious image contains a distributed denial-of-service (DDoS) botnet implant written in Python.

“Once a valid endpoint is discovered, it’s trivial to pull a malicious image and launch a container from it to carry out any conceivable objective,” researchers from Cado Security said in a report. “Hosting the malicious container in Dockerhub, Docker’s container image library, streamlines this process even further.”
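A host-side check for the misconfiguration described above, as an added example that is not from the article or the Cado Security report: it reads a Docker `daemon.json` and reports TCP listeners that accept API calls without client-certificate verification. The sample configs and the function name `audit_daemon_config` are constructed for illustration, and listeners set with `dockerd -H` on the command line are not covered.

```python
import json
from urllib.parse import urlparse

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample configs (not taken from the report).
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
TLS_ONLY = '{"hosts": ["tcp://0.0.0.0:2376"], "tls": true}'
HARDENED = """{"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": true,
 "tlscacert": "/etc/docker/ca.pem", "tlscert": "/etc/docker/server-cert.pem",
 "tlskey": "/etc/docker/server-key.pem"}"""


def audit_daemon_config(text):
    """Return (host, scope, problem) for each TCP listener lacking client auth."""
    cfg = json.loads(text)
    if cfg.get("tlsverify"):
        return []  # daemon requires a client certificate signed by its CA
    if cfg.get("tls"):
        problem = "encrypted, but client certificates are not verified"
    else:
        problem = "plaintext and unauthenticated"
    findings = []
    for host in cfg.get("hosts", []):
        url = urlparse(host)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// listeners are not TCP endpoints
        if url.hostname is None:
            scope = "unspecified"
        elif url.hostname in LOOPBACK:
            scope = "loopback"
        else:
            scope = "network"
        findings.append((host, scope, problem))
    return findings


if __name__ == "__main__":
    samples = [("exposed", EXPOSED), ("tls-only", TLS_ONLY), ("hardened", HARDENED)]
    for name, sample in samples:
        print(name, audit_daemon_config(sample))
```

Any finding with a `network` scope is an endpoint of the kind the campaign relies on; a `loopback` finding is still reachable by every local process on the host.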

