Comment: Latest Docker Container Attack Highlights Remote Networking Flaws

It has been reported that a security flaw that provides a backdoor through which Docker containers can be compromised via unsecured remote connections may require IT teams to revisit their approach to DevSecOps.

1 Expert Comment
Sergio Loureiro, Cloud Security Director
InfoSec Expert
September 2, 2020 3:45 pm

This type of attack will be fueled by widespread usage of containers and AWS. Hackers are looking for computing power for crypto mining, and they know DevOps environments tend to be low-hanging fruit. Default configuration, or should I say misconfiguration, such as enabled Docker remote connections, is great for DevOps collaboration, but as this attack shows, it is against basic security best practices.

Exploiting that vulnerability is easy, can be done remotely, and can even be enhanced by escaping Docker and compromising the host. The solutions are not rocket science; just apply the CIS Docker benchmark in an automated way to your DevOps environment. Keeping your AWS credentials safe with multi-factor authentication and least privilege policies with the CIS AWS benchmark will help for the first phase of the attack. And getting top vulnerability scanning in place to prevent escaping Docker attacks will raise 3 barriers that most crypto miners will not bother to overcome.

Last edited 2 years ago by Sergio Loureiro
Information Security Buzz
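One way to automate the check for enabled Docker remote connections that the comment recommends is sketched below. This is an added example, not part of the original comment or of any CIS tooling; it assumes the daemon is configured through a `daemon.json` file, and the function name `audit_daemon_config` and all sample configurations are constructed for illustration.

```python
import json

TLS_FILES = ("tlscacert", "tlscert", "tlskey")

def audit_daemon_config(text):
    """Return findings about remote API exposure for one daemon.json document."""
    cfg = json.loads(text)
    # Any tcp:// listener makes the Docker API reachable over the network.
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.lower().startswith("tcp://")]
    if not tcp_hosts:
        return []  # only local sockets (unix://, fd://) are in use
    if cfg.get("tlsverify") is True:
        # Client certificates are required; make sure the material is configured.
        missing = [k for k in TLS_FILES if not cfg.get(k)]
        return ["tlsverify is set but missing: " + ", ".join(missing)] if missing else []
    if cfg.get("tls") is True:
        state = "encrypted, but clients are not authenticated"
    else:
        state = "plaintext and unauthenticated"
    return [f"{h}: remote API is {state}" for h in tcp_hosts]

# Constructed sample configurations (not taken from the article).
CERTS = {"tlscacert": "/etc/docker/ca.pem", "tlscert": "/etc/docker/server.pem",
         "tlskey": "/etc/docker/server-key.pem"}
SAMPLES = {
    "exposed": json.dumps({"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}),
    "tls_only": json.dumps({"hosts": ["tcp://0.0.0.0:2376"], "tls": True, **CERTS}),
    "mutual_tls": json.dumps({"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": True, **CERTS}),
    "incomplete": json.dumps({"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": True}),
    "local_only": json.dumps({"hosts": ["unix:///var/run/docker.sock"]}),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_daemon_config(text) or "ok")
```

On a Linux host the input would normally be the contents of `/etc/docker/daemon.json`. Listeners passed to `dockerd` with `-H` on the command line or in a service unit are not covered by this check and need a separate review.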