51% of 4 million Docker images have critical vulnerabilities
Dec. 15, 2020, 9:32 a.m. in DevSecOps
Prevasio, a cybersecurity startup, has announced that it has completed the scanning of 4 million container images at Docker Hub. Nearly 51% of the images have critical vulnerabilities, and nearly 6,500 of them can be considered malicious.
According to an analysis by Prevasio, half of all the images available on Docker Hub have critical vulnerabilities due to outdated software. The analysis also revealed that thousands of images are in reality dangerous software, with many of them potentially being attack tools.
According to Prevasio, the malicious containers, representing nearly 0.16% of the total, have been downloaded more than 300 million times. These were classified as malicious due to the presence of malware, hacking tools, cryptocurrency miners, and trojanized applications.
The cybersecurity startup also uncovered images with dynamic payloads. This means that the original image does not look malicious, but it has been scripted to download miner source code, which is then compiled and executed.
Prevasio used a dynamic sandbox system to download the images and build them into Docker containers. It then ran the containers to detect vulnerabilities and dangerous behavior.
Prevasio’s report concluded that Linux, and Linux containers in particular, are not immune to security risks. Nearly half of all container images hosted on Docker Hub contained one or more critical vulnerabilities and were potentially exploitable. Only one-fifth of all the images tested by the startup had no disclosed vulnerabilities.
The software supply chain is in greater need of security efforts. More attackers have begun identifying weaknesses and slipping malicious software into employees’ computers, bypassing perimeter security.
Docker adoption has become normal for most enterprise-class complex applications, with several large enterprises implementing Docker containers in some form. With containerization available everywhere, the attack surface has increased exponentially. As such, Prevasio's analysis report should be of great concern to any enterprise customer.
Prevasio warned that if a company’s developer took a shortcut by fetching a pre-built image instead of building one anew, there is a huge risk that the pre-built image may have been trojanized. When such images end up in production, they provide easy access to attackers to containerized applications via a backdoor.
"Every month there is some bad guy upping their game and utilizing more containers as part of their attack. We expect it to be more prevalent because it is very easy to use a Docker container to trick a target into building the attack tools inside their own network."
Rony Moshkovich, CEO and Co-founder, Prevasio