Cybersecurity researchers at Aqua Security have identified a malware campaign that targets misconfigured open Docker Daemon API ports with thousands of attempts taking place daily. The researchers warn, \u201cThese are the highest numbers we\u2019ve seen in some time, far exceeding what we have witnessed to date.\u201d\u00a0\u00a0 \u200bUsing its virus analysis tools, Aqua Security identified the malware as a Golang-based Linux agent, known as\u00a0Kinsing. The attacks have been going on for the past few months. \u200bThe campaign aims to deploy a crypto miner on the compromised host.\u00a0 \u200bThe Aqua Security report provides a comprehensive analysis of the elements of the malware campaign, which stands out as a strong example of what the cybersecurity firm claims is \u201cthe growing threat to cloud-native environments.\u201d The attackers scan the internet for vulnerable Docker API ports to exploit, then once found, they run an Ubuntu container. Hackers configured the Ubuntu container to clear logs, remove other malware running on the same Docker instance, and disable security safeguards. Before the malware deploys its payload, it attempts to connect with servers in Eastern Europe, the researchers say. A command-and-control (C&C) servers split the various functions required to manage the attacks. There are dedicated servers for each function that the malware will execute.\u00a0 Once these tasks have been completed, the Kinsing malware download begins on the compromised host. The malware downloads the spre.sh shell script used to spread the malware across the container network laterally.\u00a0 At the last stage of the attack, the malware runs a crypto-miner called kdevtmpfsi, which is a BTC \u201cminer.\u201d\u00a0Transaction processors, aka miners, can be designed for many kinds of digital currencies, researchers said. The \u201cminer\u201d connects to a host with the 18.104.22.168 IP address using a login request over HTTP, receives further instructions, and starts mining digital currencies. Researchers said the exploit attempts to continue infecting other parts of the cloud systems by using local SSH credentials it collects along the way. If successful, a shell script then places the digital currency processor on the infected host. This allows cybercriminals to test an extensive number of key combinations and user account possibilities, researchers added. \u200bThe scope and ambitions reveal that the fraudulent BTC processing campaign is not just \u201can improvised endeavor\u201d as the people behind it must rely on major infrastructure and resources. \u200bAccording to the researchers, the security issue continues to escalate as attackers continue to mount more sophisticated and ambitious attacks.\u00a0 To combat these efforts, enterprise security teams need to come up with robust strategies to mitigate these new risks. Among their recommendations, Aqua Security advises that organizations identify all cloud resources and organize them in a logical structure, review their authorization and authentication policies, and change necessary security policies according to the principle of \u201cleast privilege.\u201d Teams should also investigate logs to locate user actions that register as anomalies, besides implementing cloud security tools to strengthen their strategy. \u200bLooking back on online security, Kinsing is not the only sophisticated attack that has made headlines recently. Recently, Guardicore Labs announced that it had identified a new malware strain that has been operating for up to two years. \u200bThe firm identified\u00a0Vollgar, a threat actor that mines Vollar, an altcoin variant. The firm explained that the malware targets Windows machines that run on the MS-SQL servers\u2014computers which, according to its estimates, are only about 500,000 left worldwide. \u200bWhile these servers are rare, they have become notably recognized for the high processing power they provide, and the capacity to store valuable personal and financial information. Guardicore Labs explained that once Vollgar infects a server, it kills off the processes of other threat actors entirely, then it deploys multiple backdoors, crypto miners, and Remote Access Trojans. \u200bIn March, Singapore-based unicorn startup Acronis released the results of its latest cybersecurity survey. The report revealed that 86% of IT professionals are concerned about cryptojacking\u2014the industry term for the practice of using a computer\u2019s processing power for processing digital currencies without user consent or knowledge.