Live Demo
Blog   >   SOC Threat Intel   >   Go Behind the Scenes of a Docker Cryptojacking Attack

Go Behind the Scenes of a Docker Cryptojacking Attack

When Threat Stack security analyst Ethan Hansen saw an alert in a customer’s environment that read /temp [RANDOM] cnrig, he knew his afternoon was about to get interesting. As part of his role in the Threat Stack Cloud SecOps Program℠, Ethan regularly monitors customer environments and proactively investigates alerts like this on the customer’s behalf. In this case, his suspicions were warranted, and Threat Stack had identified an active Docker cryptojacking attack.

Ethan and Threat Stack Security Solutions Engineer John Shoenberger recently sat down with “Your System Called: A Threat Stack Podcast” to recount this investigation into a Docker cryptojacking attack, his process of putting together a specific list of actionable recommendations, and how he worked with the customer within an hour of the alert to mitigate the threat.

This episode of “Your System Called” is a peek behind the curtain of the Threat Stack Cloud SecOps Program’s day-to-day investigations through the Oversight℠ service. As part of Oversight, Threat Stack security analysts like Ethan become an extension of the customers’ internal security teams and proactively monitor all aspects of cloud infrastructure to identify both ongoing threats and provide recommendations on ways to proactively improve the customers’ security posture.

Ethan and the rest of Threat Stack’s security analysts are dedicated to helping Threat Stack Cloud SecOps customers achieve true DevSecOps even in the face of short-staffed security teams and competing priorities. By offloading much of the manual investigation, internal security teams are able to focus on implementing proactive change and reducing risk instead of investigating alerts.

Sharing the Story on the Pod

This episode of Your System Called is a great conversation filled with practical advice on how to improve cloud security hygiene — plus, Ethan provides a detailed look at this new type of container attack.

In the podcast, John and Ethan weigh in with their best “security for your buck” advice. Some of the topics they cover include:

  • How the Threat Stack SOC operates
  • How much Ethan loves reading logs
  • Practical advice on NTP server configuration
  • How to avoid clock drift
  • How Threat Stack Oversight helps customers identify threats
  • How an attacker attempted a cryptojacking exploit in a customer’s Docker container
  • John and Ethan weigh in with their best “security bang for your buck” advice

Want to learn more about the Cloud SecOps Program? Check out our new infographic: The Anatomy of a Threat Stack Oversight Notification.