More than 22,000 container orchestration and API management systems are unprotected or publicly available on the internet, according to research from Lacework.
According to reports, the containers suffer from poorly configured resources, lack of credentials and the use of non-secure protocols. As a result, hackers can remotely access the infrastructure to install, remove or encrypt any application that the company is running in the cloud. In total, Lacework found 22,672 open admin dashboards on the web, and more than 300 of them were unprotected by any credentials whatsoever. Tim Mackey, Senior Technical Evangelist at Black Duck by Synopsys, commented below.
Tim Mackey, Senior Technical Evangelist at Black Duck by Synopsys:
“Properly securing container orchestration solutions requires a comprehensive review of the role the orchestration solution plays in an organisation’s service delivery plans. This includes authentication, but also role and user authorisation, quota management, activity logs and proper segmentation of resources to minimise the potential for lateral movement or container breakouts in any attack. Any container security strategy must include an understanding of how trust is created within the system and how the transfer of risk throughout the applications’ lifecycle occurs. This includes an understanding of the origin of the container images, their patch state and under what conditions those images can launch to create a running application. Importantly, container orchestration systems have role-based access models which can limit the ability of any given user to launch, modify a running application or otherwise act on data within an application. This then means that an attacker’s ability to compromise a system is a function of the account they’ve compromised. With the level of scale container orchestration provides, and with containers having potentially transient lifespans, a thorough understanding of what is running in a cluster at any point in time becomes paramount. It is only at that point where detection of compromise becomes possible.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.