We have discussed the importance of keeping Docker APIs secure in previous articles, as leaving them exposed can give cybercriminals unfettered access to the host with root privileges. This access can lead to distributed denial of service (DDoS) attacks, remote code execution (RCE), and unauthorized cryptocurrency mining activity.
We recently observed an interesting payload deployment using the Metasploit Framework (MSF) against exposed Docker APIs. This active attack deploys Metasploit's shellcode as a payload, and it is the first attack we have seen that uses MSF against Docker. It also uses a small, vulnerability-free base image so that the attack can proceed quickly and stealthily.
Source: Trend Micro