Over 40,000 containers hosting devices found exposed


Palo Alto Networks’ Unit 42 announces the results of its research into container hosting devices.

Researchers discovered more than 40,000 unique container hosting devices, which have default container configurations on the internet, exposing personal information.

Using the open source Shodan, 20,353 Kubernetes were located in the United States, Ireland, Germany, Singapore and Australia, whilst 23,354 Docker containers were identified located in China, the United States, Germany, Hong Kong and France.

Senior threat researcher Nathaniel Quist explained:

“This does not necessarily mean that each of these 40,000+ platforms are vulnerable to exploits or even the leakage of sensitive data: it simply highlights that seemingly basic misconfiguration practices exist and can make organisations targets for further compromising events.”

“Seemingly simple misconfigurations within cloud services can lead to severe impacts on organisations.”

Unit 42 also conducted further research to see what services were exposed and what information had been leaked and found sites exposing database instances to the public compromising personal information.

Quist concluded:

“Misconfigurations such as using default container names and leaving default service ports exposed to the public leave organisations vulnerable to targeted reconnaissance.

“Using the proper network policies or firewalls can prevent internal resources from being exposed to the public internet. Additionally, investing in cloud security tools can alert organisations to risks within their current cloud infrastructure.”

Unit 42 also made a series of recommendations to improve the overall security of container platforms:

  • Investing in cloud security platforms or managed services that focus on container security strategies.
  • Limiting access to services hosted on containers to internal networks, or prior designated personnel, through the use of firewall controls or container platform network policies.
  • Establishing basic authentication requirements for containers.
  • Identifying the type of data stored or managed within each container and using the appropriate security practices to keep these data types secure.

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.