Docker Registry Snafus Expose Firms to Cloud Compromise
February 11, 2020
Mo Moin

Security experts are warning that widespread Docker registry misconfigurations could be exposing countless organizations to critical data theft and malicious attacks.

Palo Alto Networks’ Unit 42 research group focused on one of the most popular platforms around for managing containers. Docker registries are servers designed to store and organize the all-important images, which contain bundled application code, dependent libraries and operating system files.

Because these registries provide access to app source code and business-critical data, it’s vital that they are properly secured. However, Palo Alto Networks discovered misconfigurations in registries’ network access controls that left many exposed.

In total, the Unit 42 team found 941 Docker registries exposed to the internet and 117 registries accessible without authentication. There were 2956 repositories and 15,887 tags in these registries, meaning effectively that nearly 3000 applications and almost 16,000 unique versions of these were exposed.

Scores of registries allowed the “push” operation, meaning hackers could replace legitimate app images with those containing backdoors. Others allowed deletion, meaning cyber-criminals could encrypt or delete images and hold them for ransom, while more still allowed any user to pull and run the images.

“The remediation strategy for this particular misconfiguration is straightforward, such as adding a firewall rule to prevent the registry from being accessed from the internet and enforcing authentication header in all the API requests,” the firm concluded.

“However, with an ever-increasing number of applications and complexity of infrastructure, security becomes a daunting job. Automated tools are needed to scan for vulnerabilities and monitor malicious activities constantly. The earlier the issues can be identified, the less chance they will be exploited in the production.”
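The two remediations quoted above can be checked against your own registry inventory. The following is an added example, not code from Unit 42 or the article: run from a vantage point outside your network, it sends one credential-free request to the Registry HTTP API V2 base endpoint (`/v2/`) of each registry and reports which control is missing. The function names and the `registry-*.example` hostnames are assumptions made for illustration.

```python
import urllib.error
import urllib.request

def classify(status, headers):
    """Classify the reply to an unauthenticated GET /v2/ (Registry HTTP API V2)."""
    names = {k.lower() for k in headers}
    if status == 401:
        # A compliant registry also sends a WWW-Authenticate challenge.
        return "auth-enforced" if "www-authenticate" in names else "auth-no-challenge"
    if status == 200:
        return "open"  # the API answers without any credentials
    return "not-a-v2-registry" if status == 404 else "unknown"

def probe(base_url, timeout=5):
    """Send one credential-free request to a registry you operate."""
    url = base_url.rstrip("/") + "/v2/"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify(resp.status, dict(resp.headers))
    except urllib.error.HTTPError as err:  # 401, 404, ... arrive as exceptions
        return classify(err.code, dict(err.headers))
    except OSError:  # URLError, timeouts, refused connections
        return "unreachable"

def audit(inventory, probe_fn=probe):
    """Map each registry URL to the controls it is missing (external vantage)."""
    findings = {}
    for url in inventory:
        result = probe_fn(url)
        missing = []
        if result != "unreachable":
            missing.append("firewall rule")   # reachable from the internet
        if result == "open":
            missing.append("authentication")  # no credentials required
        if missing:
            findings[url] = missing
    return findings

if __name__ == "__main__":
    # Constructed results standing in for three registries (no network used).
    constructed = {
        "https://registry-a.example": "open",
        "https://registry-b.example": "auth-enforced",
        "https://registry-c.example": "unreachable",
    }
    for url, missing in audit(constructed, probe_fn=constructed.get).items():
        print(url, "is missing:", ", ".join(missing))
```
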

This post Docker Registry Snafus Expose Firms to Cloud Compromise originally appeared on InfoSecurity Magazine.