Half of new Docker instances are attacked in under an hour

(Image credit: Shutterstock)

Roughly half of all misconfigured Docker instances are attacked by malicious actors less than an hour after going live, a report from cybersecurity firm Aqua Security suggests.

Based on analysis of 17,358 individual “honeypot” attacks, the company's 2020 Cloud-Native report states that malicious actors take roughly five hours to scan a new honeypot.

These attacks are growing more sophisticated and damaging by the hour, Aqua added, as attackers get better at escalating privileges, laying low and persisting on the target network.

The average number of attacks rose from 12.6 per day in H2 2019, to 77 in H1 2020. In the second half of last year, meanwhile, the average number of attacks hit 97.3 a day.

Evolving attack methods

According to Aqua, while most Docker attacks are nothing more than a “nuisance”, some are more dangerous.

Most attackers are interested in running cryptojackers, small programs that mine cryptocurrencies for the attackers. These miners won’t destroy the target machine or steal data, but will drain energy and use most of the computing resources, sometimes rendering the device useless.

Two in five attacks result in backdoors that aim to give attackers access to the target environment and network.

Attackers are constantly evolving their methods; they are no longer focused on ports for unencrypted Docker connections only, the report suggests. Hackers are also targeting supply chains, code repository auto-build processes, registries and CI service providers. 

Sometimes, they will try to sneak a malicious container image or code packages onto Docker Hub and GitHub and conduct attacks through these services as well.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.