Containers offer an easy way to build, deploy and run applications by packaging individual dependencies such as libraries, data files, and more into one package. According to experts, containers are very often deployed with default security configurations, which do not provide adequate protection for enterprise security.
While containers offer benefits such as portability, less system dependence and increased innovation, they can be very costly for companies if not deployed properly. If a bad actor were to gain control of a container, it could damage your entire container stack.
At the same time, many companies don’t utilise identity and access management policies which can effectively secure containerised applications from hackers. Similarly, it’s important to sign the container images. An improperly configured container can be a source of a major security event.
In fact, security researchers have discovered thousands of misconfigured containers belonging to companies located in various geographies like the US and China, which could become hacking targets and provide malicious players access to sensitive data.
Misconfigured Containers Can Give Hackers Access To Corporate Networks
Misconfigurations can be caused by human error while deploying containers. A few common container misconfigurations, according to experts, are using default container names and leaving default service ports exposed to the public.
Misconfigured containers can pose a significant security risk to companies using the cloud, and container security is such a critical issue that 94% of security pros are worried about container security and vulnerabilities in production, according to a report.
One example of an attack resulting from a misconfigured container took place when hackers exploited a misconfigured Docker API port to run an Ubuntu container with the kinsing malware, which then runs a crypto miner and spreads the malware to other containers and hosts.
The attack was discovered by security firm Aqua Security and stood out as an example of the expanding threat to cloud-native environments. “Our analysis of this attack vector exposes the techniques used, starting with exploiting the open port, through evasion tactics and lateral movement, all the way up to the end-goal of deploying the crypto miner.”
According to Aqua Security, the firm had been witnessing a growth in the volume of attacks which target container environments. The firm has been tracking an organised attack campaign which targets misconfigured open Docker Daemon API ports.
Since attackers have been adopting newer strategies for penetrating containers and gaining control of the entire cluster, it is critical that container security is prioritised and that containers are not released with any misconfiguration. Unlike traditional applications, containerised applications need security to be built into the entire development and delivery process.
Experts also say that using network policies and firewalls is important here so that resources are not exposed to the web, which calls for stringent cloud infrastructure policies, including container management.
Here’s What Can Be Done To Avoid Misconfiguration
It’s critical to scan your containers and images, including base images. For continuous vulnerability management, teams need to ensure that the solution they use supports both signature-based and behaviour-based technologies.
To avoid misconfiguration, there is a need for proper container management policies, including the implementation of effective security techniques at each step of the CI/CD workflows. This would eliminate the room for errors. Similarly, automation can be embedded into the container orchestration to minimise misconfiguration as a result of manual processes.