Corporation
COMPUTER HARDWARE & SERVICES | IT Services / Virtualization
docker.com

Founded Year

2010

Stage

Series B - II | Alive

Total Raised

$328.76M

Last Raised

$23M | 7 mos ago

About Docker

Docker serves the container platform market. It enables developers and IT operations to build, secure and manage applications without technology or infrastructure lock-in. By bringing together traditional applications and microservices built on Windows, Linux and mainframe under one operating model, Docker’s container platform enables companies to accelerate key digital initiatives including cloud migration, application modernization and edge computing.

Docker Headquarters Location

144 Townsend St.

San Francisco, California, 94107

United States

415-941-0376

Latest Docker News

Malicious Packages Disguised as JavaScript Libraries Found

Oct 23, 2021

Compliance | October 27, 2021

Sonatype: Cryptominers Launched in Windows, macOS, Linux Devices

Prajeet Nair (@prajeetspeaks) • October 22, 2021

Researchers at open-source software firm Sonatype have uncovered multiple malicious packages that disguise themselves as legitimate JavaScript libraries on npm registries to launch cryptominers on Windows, macOS and Linux machines.

An npm registry is a database of JavaScript packages, comprising software and metadata that are used by open-source developers to support JavaScript code sharing.

The researchers reported the malicious packages to npm on Oct. 15, 2021, and npm took them down within hours of their release, the report says. The researchers at Sonatype have attributed the ownership of the malicious packages to an author whose account is currently deactivated, the report notes.

Technical Analysis

The malicious packages are dubbed okhsa, cataloged as Sonatype-2021-1473, and klow and klown, cataloged as Sonatype-2021-1472, the report notes.

Okhsa, the researchers say, contains skeleton code that launches the calculator app on Windows machines before installation. The versions of okhsa that do this also contain the klow or the klown packages as a dependency, according to the report.

"The Sonatype security research team discovered that klown had emerged within hours of klow having been removed by npm," the report says.

"Klown falsely touts itself to be a legitimate JavaScript library UA-Parser-js to help developers extract the hardware specifics (OS, CPU, browser, engine, etc.) from the User-Agent HTTP header," the researchers say.

Sonatype researcher Ali ElShakankiry analyzed the packages and found that the klow and klown packages contained cryptocurrency miners.

"These packages detect the current operating system at the preinstall stage, and proceed to run a .bat or .sh script, depending on if the user is running Windows, or a Unix-based operating system," ElShakankiry notes.

The aforementioned scripts also "download an externally-hosted EXE or a Linux ELF, which then executes the binary with arguments specifying the mining pool to use, the wallet to mine cryptocurrency for, and the number of CPU threads to use," the researchers say (see: Is Cryptocurrency-Mining Malware Due for a Comeback?).

The researchers were unable to fully determine how the malicious actor planned to target developers.

"There are no obvious signs observed that indicate a case of typosquatting or dependency hijacking. Klow(n) does impersonate the legitimate UAParser.js library on the surface, making this attack seem like a weak brandjacking attempt," the researchers note.

Sonatype did not immediately respond to Information Security Media Group's request for additional comment.

Attacks Compromising Ecosystems

The researchers at Uptycs Threat Research recently uncovered a campaign in which cloud-focused cryptojacking group TeamTNT was deploying malicious container images hosted on Docker Hub with an embedded script to download testing tools used for banner grabbing and port scanning.

The researchers found that the threat actors scanned for targets in the victim’s subnet and performed malicious activities using the scanning tools inside the malicious Docker image (see: TeamTNT Deploys Malicious Docker Image on Docker Hub).

Pascal Geenens, director of threat intelligence at Radware, tells ISMG that the success of these attacks on ecosystems has not escaped the attention of malicious actors, who are all too happy to embrace yet another opportunity to perpetrate criminal activity.

"They compromise these ecosystems by uploading malicious modules to the online repositories, with the aim of tricking developers into downloading and executing these modules on their systems. These so-called supply chain attacks are not limited to package repositories and open source. The NotPetya and SolarWinds Orion attacks were both the result of compromised commercial software updates," Geenens notes.

"We’ve been following a recent uptick in adversaries increasingly targeting open-source repos for conducting attacks with different purposes - from stealing sensitive data and system files to cryptomining. We have seen this trend repeatedly, with April’s cryptomining attacks against GitHub, followed by Sonatype’s discovery of PyPI cryptomining malware in June," Ax Sharma, senior security researcher at Sonatype, tells ISMG.

Geenens says that given the success and size of the ecosystems behind PyPI and npm, there are plenty of opportunities to exploit targets with objectives ranging from reconnaissance to compromise, which include techniques such as information gathering and exfiltration, backdooring, stealing and, in the case of npm, cryptojacking.

Defending Against Dependency Attacks

Sharma warns that the malicious typosquatting, brandjacking and dependency hijacking packages on npm can do everything from exfiltrating minor data to spawning reverse shells and stealing sensitive files, conducting surveillance activities such as keylogging and accessing webcams, and spamming repositories with links to pirated content and warez sites.

"While typosquatting and brandjacking attacks require some form of manual effort on the developer’s part, malicious dependency hijacking attacks are far more dangerous given their automated nature," he says.

Sharma recommends being wary of typing mistakes. He says, "For example, 'twilio-npm' may not be the same package as 'twilio.' Have an SBOM, or software bill of materials, to know what dependencies and components make up your application."

He also recommends keeping an automated solution in place to defend against dependency hijacking attacks, which could be as simple as deploying a script that checks if any public dependencies being pulled into your code have conflicting names with your private dependencies.

Expert Collections containing Docker

Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.

Docker is included in 6 Expert Collections, including Sequoia's Microservices Ecosystem.

Sequoia's Microservices Ecosystem

129 items

Get small to get big. Microservices is an approach to building software that shifts away from large monolithic applications towards small, loosely coupled and composable autonomous pieces.

Smart Money VCs (2017-2019)

6,297 items

We crunched the data to identify the 24 VC firms with the best combination of portfolio valuations and investment outcomes.

Development & Operations

381 items

Development & Operations offer designers, developers, engineers, and IT professionals ways to increase efficiency, reduce costs, and improve quality.

Cloud Computing

1,330 items

Cloud computing startups develop technologies for remote (off-premises) servers used to store, manage, and process data.

The Multi-Cloud Ecosystem

98 items

Companies on our multi-cloud market map offer tools aimed at simplifying the relationship between various cloud providers or improving the management of individual resources from multiple providers. From management and orchestration to migration and security, these startups are h

Tech IPO Pipeline 2019

286 items

Docker Web Traffic

[Chart: Rank, Page Views per User (PVPU), Page Views per Million (PVPM), Reach per Million (RPM)]

[Chart: Docker Rank]
