January 18, 2024 at 06:15AM
Attackers have launched a new campaign targeting vulnerable Docker services, deploying an XMRig miner and the 9hits viewer app on compromised hosts for dual monetization. They exploit resources of these systems to drive traffic as part of the 9hits traffic exchange system, showcasing a need for stricter security checks and policies to prevent unauthorized use of such apps.
Key takeaways:
1. A new campaign has been discovered where threat actors are targeting vulnerable Docker services by deploying an XMRig miner and the 9hits viewer app on compromised hosts, allowing for a dual monetization strategy.
2. The 9hits viewer app is a web traffic exchange platform where members can drive traffic to each other’s sites, and it is being used maliciously by attackers to exploit resources of compromised Docker hosts.
3. Attackers use network scanning products like Shodan to discover vulnerable servers, then breach them and deploy malicious containers via the Docker API.
4. The 9hits container runs a script with a session token, allowing attackers to generate credits by visiting a list of websites, while the XMRig miner mines Monero cryptocurrency using the cloud system’s resources.
5. The campaign’s impact includes resource exhaustion on compromised hosts, affecting legitimate workloads and disrupting operations.
6. Threat actors are constantly exploring alternative monetization channels beyond traditional methods, underscoring the need for stricter security checks and policies for platforms like 9hits to prevent unauthorized use.
7. Entities investing in cloud computing environments are advised to utilize zero-trust models, Cloud Workload Protection Platforms (CWPP), and Cloud Security Posture Management (CSPM) to improve visibility, manage configurations, and protect exposed assets.
These takeaways highlight the evolving methods employed by threat actors and the importance of implementing robust security measures to safeguard cloud computing environments and prevent unauthorized usage of applications such as 9hits.
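As an added example (not from the original report), the following Python sketch shows the kind of configuration and workload check that takeaways 3, 4 and 7 point to: it flags Docker daemon TCP listeners that lack TLS client verification and lists containers whose image or command mentions `xmrig` or `9hits`. It assumes the "vulnerable Docker services" are daemons whose API is reachable over TCP without `tlsverify`; the function names and all sample inputs are constructed for illustration.

```python
import json
import shlex

# Names taken from the campaign described above. Matching on them is a
# heuristic only, since an image or binary can be renamed.
INDICATORS = ("xmrig", "9hits")

def insecure_tcp_listeners(daemon_json: str, dockerd_cmdline: str = "") -> list[str]:
    """Return tcp:// listeners that are not covered by TLS client verification."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))
    args = shlex.split(dockerd_cmdline)
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
    return [h for h in hosts if h.startswith("tcp://") and not tlsverify]

def suspicious_containers(ps_json_lines: str) -> list[dict]:
    """Flag containers from `docker ps --format '{{json .}}'` output by indicator."""
    hits = []
    for line in ps_json_lines.splitlines():
        if not line.strip():
            continue
        c = json.loads(line)
        text = f"{c.get('Image', '')} {c.get('Command', '')}".lower()
        matched = [i for i in INDICATORS if i in text]
        if matched:
            hits.append({"id": c.get("ID"), "image": c.get("Image"), "matched": matched})
    return hits

# Constructed sample inputs (not taken from the campaign).
SAMPLE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAMPLE_PS = "\n".join([
    '{"ID": "a1b2c3d4e5f6", "Image": "nginx:1.25", "Command": "nginx -g daemon off;"}',
    '{"ID": "0f9e8d7c6b5a", "Image": "example/miner", "Command": "/usr/local/bin/xmrig"}',
    '{"ID": "123456abcdef", "Image": "example/9hits-viewer", "Command": "/entrypoint.sh"}',
])

if __name__ == "__main__":
    print(insecure_tcp_listeners(SAMPLE_DAEMON_JSON))
    for hit in suspicious_containers(SAMPLE_PS):
        print(hit)
```

On a real host, feed the functions the contents of the daemon configuration file, the `dockerd` command line, and the output of `docker ps --format '{{json .}}'`.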