More than 40,000 containers belonging to Kubernetes and Docker platforms were found with default configurations. Research concluded that a multitude of the containers were hosted on AWS in countries such as the United States, Ireland, China, and France amongst others. A Shodan search located 20,353 Kubernetes containers. An additional 23,354 Docker containers were found. Included in the Shodan search was also metadata that included services, organizations, operating systems, and products in relation to the containers. A researcher that was involved in the discovery stated, “This does not necessarily mean that each of these 40,000+ platforms are vulnerable to exploits or even the leakage of sensitive data: it simply highlights that seemingly basic misconfiguration practices exist and can make organizations targets for further compromising events. Seemingly simple misconfigurations within cloud services can lead to severe impacts on organizations.”
Analyst Notes
Containers should be properly configured and only accessible by trusted sources. Official or certified images should only be used to make sure trusted content is running in the environment. Containers that are running should not be run with root privileges.
