How Misconfigured Containers May Create Cybersecurity Issues For Companies

containers security

Containers give an easy approach to build, deploy and run applications by packaging individual dependencies like libraries, data files, and more into one package. Containers are very often deployed with the default security configurations, which do not provide adequate protection for enterprise security, according to experts.

While containers have various benefits of portability, less system dependence and increased innovation, it can be very costly for companies if not done properly. So if a bad actor were to have control of a container, it could damage your entire container stack. 

At the same time, many companies don’t utilise identity and access management policies which can effectively secure containerised applications from hackers. Similarly, it’s important to sign the container images. An improperly configured container can be a source of a major security event.

THE BELAMY

Sign up for your weekly dose of what's up in emerging technology.

In fact, security researchers have discovered thousands of misconfigured containers belonging to companies located in various geographies like the US and China, which could become hacking targets and provide malicious players access to sensitive data. 

Misconfigured Containers Can Give Hackers Access To Corporate Networks

Misconfiguration practices can be caused due to human errors while deploying containers. A very few common container misconfigurations, according to experts, are utilising default container names and leaving default service ports exposed to the public. 


Download our Mobile App



Misconfigured containers can pose a significant security risk to companies using the cloud, and container security is such a critical issue that 94 % of security pros are worried about its security, and vulnerabilities in production, according to a report.

One example of attack as a result of a misconfigured container took place when hackers exploited a misconfigured Docker API port to execute an Ubuntu container with the kinsing malware, which then runs a crypto miner and spreads the malware to other containers and hosts. 

The attack was discovered by security firm Aqua Security, the attack stood out as the example of the expanding threat to cloud-native environments. “Our analysis of this attack vector exposes the techniques used, starting with exploiting the open port, through evasion tactics and lateral movement, all the way up to the end-goal of deploying the crypto miner.”

According to Aqua Security, the firm had been witnessing a growth in the volume of attacks which target container environments. The firm has been tracking an organised attack campaign which targets misconfigured open Docker Daemon API ports.

Since attackers have been launching on newer strategies for penetrating into containers and gaining control of the entire cluster, it is very critical that container security is prioritised and made sure that containers are not released with any misconfiguration. Contrary to traditional applications, containerised applications need security to be built into the entire development and delivery process. 

Experts also say that using network policies and firewalls are important here so that resources are not exposed to the web, and therefore needs stringent cloud infrastructure policies including container management.

Here’s What Can Be Done To Avoid Misconfiguration

It’s critical to scan your containers and images, including base images. For continuous vulnerability management, teams need to ensure that the solution you are leveraging can use both signatures and behaviour based technologies.

To avoid misconfiguration, there is a need for proper container management policies, including the implementation of effective security techniques at each step of the CI/CD workflows. This would eliminate the room for errors. Similarly, automation can be embedded into the container orchestration to minimise misconfiguration as a result of manual processes.

Support independent technology journalism

Get exclusive, premium content, ads-free experience & more

Rs. 299/month

Subscribe now for a 7-day free trial

More Great AIM Stories

Vishal Chawla
Vishal Chawla is a senior tech journalist at Analytics India Magazine and writes about AI, data analytics, cybersecurity, cloud computing, and blockchain. Vishal also hosts AIM's video podcast called Simulated Reality- featuring tech leaders, AI experts, and innovative startups of India.

AIM Upcoming Events

Early Bird Passes expire on 3rd Feb

Conference, in-person (Bangalore)
Rising 2023 | Women in Tech Conference
16-17th Mar, 2023

Conference, in-person (Bangalore)
Data Engineering Summit (DES) 2023
27-28th Apr, 2023

3 Ways to Join our Community

Telegram group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our Daily newsletter

Get our daily awesome stories & videos in your inbox
AIM TOP STORIES

All you need to know about Graph Embeddings

Embeddings can be the subgroups of a group, similarly, in graph theory embedding of a graph can be considered as a representation of a graph on a surface, where points of that surface are made up of vertices and arcs are made up of edges