"LemonDuck Cryptojacking Botnet Targets API Security Gap"

According to a recent report, the LemonDuck cryptocurrency-mining botnet, previously known for compromising Microsoft Exchange servers to mine cryptocurrency, escalate privileges, and move laterally inside victim networks, now also targets Docker to mine covertly on Linux hosts. Docker is a popular platform for building, running, and managing containerized workloads. Because many Docker hosts run on cloud instances, a misconfigured instance can expose the Docker daemon's Application Programming Interface (API) to the Internet. An attacker who can reach that API can start a container under their control and run a hidden cryptocurrency miner inside it.

The cryptocurrency boom has driven a sharp rise in illicit mining. Google's Threat Horizons report found that 86 percent of compromised Google Cloud instances were used to mine cryptocurrency. LemonDuck runs several campaigns at once to mine coins such as Monero. Because enterprises rely heavily on cloud and container technology, and those ecosystems run overwhelmingly on Linux, cryptojacking remains financially lucrative for threat actors, and botnet operators such as LemonDuck now target Docker to mine on Linux.

To mitigate API-based attacks, some organizations apply a zero-trust security model: every API connection to an application or service must be authenticated and authorized against dynamic policy and context before it is allowed, so that the interaction satisfies the requirements of the security policy. This article continues to discuss how the LemonDuck cryptocurrency mining botnet works and how to prevent cryptojacking.
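The exposure described above is a Docker daemon that listens on a TCP socket without requiring client certificates. The following audit script is an added example written for this summary; it is not from the Security Intelligence article or from LemonDuck's tooling. It assumes the daemon is configured through the standard daemon.json file (the `hosts`, `tlsverify`, `tlscacert`, `tlscert` and `tlskey` keys are real dockerd settings; the two configuration files below are constructed samples) and uses the conventional ports 2375 (plaintext) and 2376 (TLS) only in the sample data.

```python
"""Audit a Docker daemon.json for an Internet-reachable, unauthenticated API.

Added example: the weak and hardened configurations are constructed samples,
not taken from the article or from any real incident.
"""
import json
from urllib.parse import urlsplit

# Constructed sample: the misconfiguration a cryptojacking campaign scans for.
# The API is reachable on every interface and accepts unauthenticated calls.
WEAK_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
"""

# Constructed sample: remote API only over mutually authenticated TLS,
# bound to a single management address.
HARDENED_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
"""

# Files dockerd needs when tlsverify is on; missing any of them means the
# daemon will not start (or, worse, someone will turn tlsverify off).
TLS_FILE_KEYS = ("tlscacert", "tlscert", "tlskey")

# Wildcard binds that expose the socket on every interface of the host.
ALL_INTERFACES = {"0.0.0.0", "::", None}


def audit_daemon_config(raw_json: str) -> list[str]:
    """Return a list of findings; an empty list means no remote-API exposure found."""
    cfg = json.loads(raw_json)
    findings: list[str] = []

    # Only tcp:// listeners are reachable over the network; unix:// and fd://
    # sockets are local and out of scope for this check.
    tcp_hosts = [urlsplit(h) for h in cfg.get("hosts", [])]
    tcp_hosts = [h for h in tcp_hosts if h.scheme == "tcp"]
    if not tcp_hosts:
        return findings

    if not cfg.get("tlsverify", False):
        # Without tlsverify, anyone who can reach the port can create containers.
        for h in tcp_hosts:
            findings.append(
                f"CRITICAL: Docker API on tcp://{h.hostname}:{h.port} accepts "
                "unauthenticated requests (tlsverify is not enabled)"
            )
    else:
        for key in TLS_FILE_KEYS:
            if not cfg.get(key):
                findings.append(f"ERROR: tlsverify is set but '{key}' is missing")

    for h in tcp_hosts:
        if h.hostname in ALL_INTERFACES:
            findings.append(
                f"WARN: tcp://{h.hostname}:{h.port} binds all interfaces; "
                "restrict it to a management address or firewall the port"
            )
    return findings


if __name__ == "__main__":
    for label, sample in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(f"[{label}]")
        for finding in audit_daemon_config(sample) or ["OK: no remote API exposure"]:
            print("  " + finding)
```

The check only covers daemon.json; dockerd can also receive `-H` listeners from a systemd unit or the command line, so an audit on a real host should merge those sources before deciding the API is not exposed. Even with TLS client authentication in place, the `WARN` finding matters: a zero-trust posture restricts who can reach the socket at the network layer as well as who can authenticate to it.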

Security Intelligence reports "LemonDuck Cryptojacking Botnet Targets API Security Gap"

Submitted by Anonymous on