Docker Registry Snafus Expose Firms to Cloud Compromise

Security experts are warning that widespread Docker registry misconfigurations could be exposing countless organizations to critical data theft and malicious attacks.

Palo Alto Networks’ Unit 42 research group focused on one of the most popular platforms around for managing containers. Run by the open source Moby framework, Docker registries are servers designed to store and organize the all-important images, which contain bundled application code, dependent libraries and operating system files.

As these registries therefore provide access to app source code and business-critical data, it’s vital that they are properly secured. However, Palo Alto Networks discovered misconfigurations in registries’ network access controls which left many exposed.

In total, the Unit 42 team found 941 Docker registries exposed to the internet and 117 registries accessible without authentication. There were 2956 repositories and 15,887 tags in these registries, meaning effectively that nearly 3000 applications and almost 16,000 unique versions of these were exposed.

Scores of registries allowed the “push” operation, meaning hackers could replace legitimate app images with those containing backdoors. Others allowed for deletion, meaning cyber-criminals could encrypt or delete and hold them for ransom, while more still allowed any user to pull and run the images.

“The remediation strategy for this particular misconfiguration is straightforward, such as adding a firewall rule to prevent the registry from being accessed from the internet and enforcing authentication header in all the API requests,” the firm concluded.

“However, with an ever-increasing number of applications and complexity of infrastructure, security becomes a daunting job. Automated tools are needed to scan for vulnerabilities and monitor malicious activities constantly. The earlier the issues can be identified, the less chance they will be exploited in the production.”
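A defender-side illustration of the monitoring the firm calls for, added here and not taken from Unit 42 or the article: a Python check that flags successful pull, push and delete requests made without credentials. It assumes the registry sits behind a reverse proxy writing combined-format access logs in which the remote-user field is "-" when no credentials were sent; the log lines, addresses and repository name are constructed.

```python
import re

# Constructed sample access log (combined format, documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2020:10:01:02 +0000] "GET /v2/ HTTP/1.1" 200 2 "-" "docker/19.03"
203.0.113.7 - - [10/Feb/2020:10:01:05 +0000] "GET /v2/shop/api/manifests/1.4 HTTP/1.1" 200 1570 "-" "docker/19.03"
198.51.100.9 - ci-bot [10/Feb/2020:10:02:11 +0000] "PUT /v2/shop/api/manifests/1.5 HTTP/1.1" 201 0 "-" "docker/19.03"
203.0.113.7 - - [10/Feb/2020:10:03:40 +0000] "PUT /v2/shop/api/manifests/1.4 HTTP/1.1" 201 0 "-" "docker/19.03"
203.0.113.7 - - [10/Feb/2020:10:04:02 +0000] "DELETE /v2/shop/api/manifests/sha256:PLACEHOLDER HTTP/1.1" 202 0 "-" "curl/7.68"
192.0.2.44 - - [10/Feb/2020:10:05:00 +0000] "PUT /v2/shop/api/manifests/2.0 HTTP/1.1" 401 87 "-" "docker/19.03"
"""

# client, ident, remote user, [timestamp], "METHOD path proto", status
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Registry HTTP API v2 paths that touch image content: /v2/<repo>/manifests|blobs/...
CONTENT_RE = re.compile(r'^/v2/(.+)/(?:manifests|blobs)/')

# HTTP method -> the operation named in the article
OPERATION = {"GET": "pull", "HEAD": "pull", "PUT": "push",
             "POST": "push", "PATCH": "push", "DELETE": "delete"}


def unauthenticated_operations(log_text):
    """Return (client, operation, repository) for every request that
    succeeded (2xx) on image content with no authenticated user."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        client, user, method, path, status = m.groups()
        repo = CONTENT_RE.match(path)
        op = OPERATION.get(method)
        if repo is None or op is None:
            continue  # e.g. the bare /v2/ version check
        if user == "-" and status.startswith("2"):
            findings.append((client, op, repo.group(1)))
    return findings


if __name__ == "__main__":
    for client, op, repo in unauthenticated_operations(SAMPLE_LOG):
        print(f"ALERT unauthenticated {op} on {repo} from {client}")
```

Any push or delete finding means image integrity can no longer be assumed for that repository; a pull finding means its contents should be treated as disclosed.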
