  • These container instances were associated with Kubernetes and Docker container platforms.
  • A simple search on Shodan reveals these vulnerable containers are spread across many countries.

Security researchers have uncovered a horde of container instances running with default configurations. Researchers from Palo Alto Networks came across over 40,000 of these containers on Shodan.

The containers were running on Kubernetes and Docker, two popular platforms used to deploy containerized applications. According to the researchers, a majority of them were hosted on AWS and were located in countries such as the US, Germany, Ireland, China, and France.

Key highlights

  • As per the researchers’ findings, 20,353 Kubernetes containers were identified through a Shodan search. These containers were located in the US, Ireland, Germany, Singapore, and Australia.
  • Likewise, 23,354 Docker containers were found, distributed across China, the US, Germany, Hong Kong, and France. Interestingly, these were hosted on other services in addition to Amazon.
  • The Shodan results also showed additional metadata related to the containers. These included services, organizations, operating systems, and products.

Worth noting

In a blog post, Nathaniel Quist, Senior Threat Researcher at Palo Alto Networks, explained how the aforementioned vulnerable containers can be dangerous.

“This does not necessarily mean that each of these 40,000+ platforms are vulnerable to exploits or even the leakage of sensitive data: it simply highlights that seemingly basic misconfiguration practices exist and can make organizations targets for further compromising events. Seemingly simple misconfigurations within cloud services can lead to severe impacts on organizations,” wrote Quist.

Cyware Publisher