A Timeline of Container Cyber Threats Discovered in 2019

• Container is a piece of software that includes various components to deploy an application.
• The rising number of misconfigurations by developers and new vulnerabilities have led to a number of security compromises.

Let’s take a look at all the major container misconfigurations, exploits, and flaws that made headlines in 2019 so far.

February

Researchers disclosed a container vulnerability in runC, a portable container runtime, that potentially allows attackers to access file systems by escaping the container. This flaw is tracked as CVE-2019-5736 and requires local system access. It has been modified now.

March

Security experts released a proof-of-concept attack that involves exploiting a Linux privilege escalation vulnerability (CVE-2017-7308). After exploiting the vulnerability and using the proof-of-concept technique to infect, hackers can move laterally in the network or steal from co-hosted containers.

April

The official repository of Docker container images, Docker Hub, suffered a data breach this year, impacting the data of 190,000 users. The compromised information includes Docker Hub user names, hashed passwords, and Github and Bitbucket tokens.

Kubernetes, an open-source container orchestration system was found vulnerable to a directory traversal exploit last year, which was patched. However, it has been found that the patch is incomplete, and the attacks are still possible. The vulnerability allows attackers to steal sensitive information from the devices of Kubectl, a command-line interface for running commands against Kubernetes clusters.

May

Researchers discovered a major security vulnerability in Docker containers. All Docker versions were said to be vulnerable to this flaw, which can potentially allow the modification of files on the host system.

June

More than 40,000 containers with default configurations were discovered. Although not all of these containers are vulnerable to exploitation, researchers said that this highlighted the prevalence of seemingly basic misconfiguration practices.

October

Graboid, the first cryptojacking worm that spreads using containers in the Docker Engine was discovered. Attackers are said to gain an initial foothold through unsecured Docker hosts, and then deploy Graboid to mine for Monero.