Hello, welcome to the Monday, December 10th, 2018 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich.

And then I'm recording from Jacksonville, Florida.

Recently, we have seen a large number of attacks against unprotected Docker instances.

The attack is usually just going against the Docker API on Port 2375.

I've talked about this before, but Remko looked a little bit deeper into this and looked at

the images that are being installed via this particular attack.

And what he found was a particular Docker hub account that was used to provide these

malicious images.

Now, some of these images had download numbers in the 100,000 times.

The particular account has been disabled by now. And it looks like the main reason that these images would be installed is this attack against the Docker API.

I don't think that anybody would sort of install these images by mistake, but it had somewhat sort of innocent names like, for example, Java 123.

Ramco is showing how he investigated these malicious images, so if you're running into any

suspect Docker images, it shows some of the tools that you can use in order to analyze them.

And you probably heard of the arrest of the Huawei CFO in Canada last week.

Well, we are seeing some advance fee scams that are trying to trick people into paying some kind of bribe

in order to have her released with the suggestion that of course if you do so you will be rewarded.

So really just sort of yet another variation of the Nigerian prince style scam, you're usually

asked to transfer of the order of $2,000 to $5,000 to dollars to a particular bank account which the message explains is

owned by this particular corrupt prison guard who will then release Ms. Meng.

So far these messages are all in Chinese targeting Chinese destinations either via SMS or

WeChat.

...