Go Behind the Scenes of a Docker Cryptojacking Attack

When Threat Stack security analyst Ethan Hansen saw an alert in a customer’s environment that read /temp [RANDOM] cnrig, he knew his afternoon was about to get interesting. As part of his role in the Threat Stack Cloud SecOps Program, Ethan regularly monitors customer environments and proactively investigates alerts like this on the customer’s behalf. In this case, his suspicions were warranted and Threat Stack had identified an active Docker cryptojacking attack.

Ethan and Threat Stack Security Solutions Engineer John Shoenberger recently sat down with “Your System Called: A Threat Stack Podcast” to recount this investigation into a Docker cyrptojacking attack, his process of putting together a specific list of actionable recommendations, and how he worked with the customer within an hour of the alert to mitigate the threat.

This episode of “Your System Called” is a peek behind the curtain of the Threat Stack Cloud SecOps Program’s day to day investigations through the Oversight service. As part of Oversight, Threat Stack security analysts like Ethan become an extension of the customers’ internal security teams and proactively monitor all aspects of cloud infrastructure to identify both ongoing threats and provide recommendations on ways to proactively improve the customers’ security posture.

Ethan and the rest of Threat Stack’s security analysts are dedicated to helping Threat Stack Cloud SecOps customers achieve true DevSecOps even in the face of short-staffed security teams and competing priorities. By offloading much of the manual investigation, internal security teams are able to focus on implementing proactive change and reducing risk instead of investigating alerts.

Sharing the Story On The Pod.

This episode of Your System Called is a great conversation filled with practical advice on how to improve cloud-security hygiene; plus, Ethan provides a detailed look at this new type of container attack. Here are some of the topics we cover:

  • Understand how the Threat Stack SOC operates
  • Hear about how much Ethan loves reading logs
  • Get practical advice on NTP server configuration
  • Learn how to avoid clock drift
  • Learn how Threat Stack Oversight helps customers identify threats
  • Find out how an attacker attempted a cryptojacking exploit in a customer’s Docker container
  • John and Ethan weigh in with their best “security bang for your buck” advice

Listen to the show and let us know what you think!


Want to learn more about  The Cloud SecOps Program? Check out our new infographic: The Anatomy of a Threat Stack Oversight Notification.

The post Go Behind the Scenes of a Docker Cryptojacking Attack appeared first on Threat Stack.


*** This is a Security Bloggers Network syndicated blog from Blog – Threat Stack authored by Robin Stone. Read the original post at: https://www.threatstack.com/blog/go-behind-the-scenes-of-a-docker-cryptojacking-attack