How Misconfigured Containers May Create Cybersecurity Issues For Companies


Containers offer an easy way to build, deploy and run applications by bundling an application's dependencies, such as libraries and data files, into a single package. According to experts, containers are very often deployed with the default security configurations, which do not provide adequate protection for enterprises.

While containers offer benefits such as portability, less system dependence and increased innovation, they can be very costly for companies if not deployed properly. If a bad actor were to gain control of a container, they could damage your entire container stack.

At the same time, many companies don’t utilise identity and access management policies which can effectively secure containerised applications from hackers. Similarly, it’s important to sign the container images. An improperly configured container can be a source of a major security event.

In fact, security researchers have discovered thousands of misconfigured containers belonging to companies located in various geographies like the US and China, which could become hacking targets and provide malicious players access to sensitive data. 

Misconfigured Containers Can Give Hackers Access To Corporate Networks

Misconfigurations are often caused by human error while deploying containers. A few of the common container misconfigurations, according to experts, are using default container names and leaving default service ports exposed to the public.

Misconfigured containers can pose a significant security risk to companies using the cloud. Container security is such a critical issue that, according to a report, 94% of security pros are worried about container security and vulnerabilities in production.

In one example of an attack resulting from a misconfigured container, hackers exploited a misconfigured Docker API port to run an Ubuntu container with the kinsing malware, which then ran a crypto miner and spread the malware to other containers and hosts.

The attack was discovered by security firm Aqua Security and stood out as an example of the expanding threat to cloud-native environments. “Our analysis of this attack vector exposes the techniques used, starting with exploiting the open port, through evasion tactics and lateral movement, all the way up to the end-goal of deploying the crypto miner.”

According to Aqua Security, the firm had been witnessing a growth in the volume of attacks which target container environments. The firm has been tracking an organised attack campaign which targets misconfigured open Docker Daemon API ports.

Since attackers have been adopting newer strategies for penetrating containers and gaining control of the entire cluster, it is critical that container security is prioritised and that containers are not released with any misconfiguration. Unlike traditional applications, containerised applications need security to be built into the entire development and delivery process.

Experts also say that using network policies and firewalls is important so that resources are not exposed to the web, which calls for stringent cloud infrastructure policies, including container management.

Here’s What Can Be Done To Avoid Misconfiguration

It’s critical to scan your containers and images, including base images. For continuous vulnerability management, teams need to ensure that the solution they are leveraging can use both signature-based and behaviour-based technologies.

To avoid misconfiguration, there is a need for proper container management policies, including the implementation of effective security techniques at each step of the CI/CD workflows. This would eliminate the room for errors. Similarly, automation can be embedded into the container orchestration to minimise misconfiguration as a result of manual processes.
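One check that can be automated in a CI/CD or host-hardening step targets the open Docker daemon API port described above: flag any TCP listener in the daemon's `daemon.json` that is not protected by client-certificate TLS. This is an added example, not code from the article or from Aqua Security; it inspects only `daemon.json` (listeners passed as `dockerd -H` flags are not covered), and the severity labels, function names and sample configurations are this example's own.

```python
import ipaddress
import json
from urllib.parse import urlparse


def is_loopback(hostname):
    """True when the listener address is reachable only from the host itself."""
    if not hostname:
        return False          # "tcp://:2375" binds every interface
    if hostname == "localhost":
        return True
    try:
        return ipaddress.ip_address(hostname).is_loopback
    except ValueError:
        return False          # unknown name: treat as remotely reachable


def audit_daemon_config(config_text):
    """Return (listener, severity, reason) findings for a daemon.json document."""
    cfg = json.loads(config_text)
    verify = bool(cfg.get("tlsverify"))        # daemon demands a CA-signed client cert
    tls = bool(cfg.get("tls")) or verify       # "tls" alone encrypts but admits any client
    findings = []
    for listener in cfg.get("hosts", []):
        url = urlparse(listener)
        if url.scheme != "tcp":
            continue          # unix:// and fd:// are local sockets
        scope = "loopback only" if is_loopback(url.hostname) else "network reachable"
        if not tls:
            sev = "medium" if scope == "loopback only" else "critical"
            findings.append((listener, sev, f"plaintext API without authentication ({scope})"))
        elif not verify:
            findings.append((listener, "high", f"TLS without client certificate verification ({scope})"))
    return findings


# Constructed sample configurations (not taken from any real host).
# 2375 and 2376 are the conventional plaintext and TLS ports for the Docker API.
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",            # placeholder paths
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_daemon_config(text) or "no findings")
```

Even with `tlsverify` enabled, the listener should still sit behind the network policies and firewalls mentioned earlier, since the check says nothing about who can reach the port.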


Vishal Chawla
Vishal Chawla is a senior tech journalist at Analytics India Magazine and writes about AI, data analytics, cybersecurity, cloud computing, and blockchain. Vishal also hosts AIM's video podcast called Simulated Reality- featuring tech leaders, AI experts, and innovative startups of India.
