More than 40,000 Kubernetes and Docker containers discoverable on the internet - with many exposing personal data

One simple misconfiguration will expose enterprise apps and databases, warns Unit42

More than 40,000 Kubernetes and Docker containers are discoverable on the internet - with many misconfigured exposing personal information on databases that should not be publicly accessible.

That is the warning of security firm Unit42, which searched for identifiable containers using the Shodan search engine.

"In our research, we were able to easily find 20,353 Kubernetes containers globally using simple search terms. These instances were located in the United States, Ireland, Germany, Singapore, and Australia and the overwhelming majority of them were hosted on Amazon," claimed Unit42.

Cloud & Infrastructure Live 2019 returns to London on 19th September 2019. Learn about the latest technologies in cloud, how to keep one step ahead of the regulators, and network with an audience of IT leaders and senior IT pros. The event will include keynotes, panel discussions, case studies, and strategic and technical streams. Best of all, the event is FREE to qualifying attendees. Secure your place now.

Attending Cloud & Infrastructure Live 2019 already? Why not enter the Computing Cloud Excellence Awards that will be celebrated in the evening, too?

It continued: "We were also able to easily find 23,354 Docker containers globally using simple search terms. These instances were located in China, the United States, Germany, Hong Kong, and France. In the case of Docker, while Amazon was again the top hoster, there was a broader distribution of hosters for these instances."

Unit42 then did further research to see what services were being exposed and found numerous sites publicly exposing database instances revealing personal information.

After searching on Shodan for containers, the researchers then sought to identify various databases and database tools that might be run within the containers, including MySQL, Kibana, and Elastic - finding a series of databases exposing personal information.

One, in particular, was not only exposed, but was exposed without any form of authentication mechanism to help secure the data in the database.

"Default configurations can be significant security risks for organizations… Misconfigurations such as using default container names and leaving default service ports exposed to the public leave organizations vulnerable to targeted reconnaissance. Using the proper network policies, or firewalls can prevent internal resources from being exposed to the public internet," concluded Unit42.

"Additionally, investing in cloud security tools can alert organizations to risks within their current cloud infrastructure."

It also made a series of recommendations for organisations running databases in containers in the cloud:

• Invest in cloud security platforms or managed services which focus in container security strategies;
• Limit access to services hosted on containers to internal networks, or prior designated personnel, through the use of firewall controls or container platform network policies. The following links can help assist secure access to containers:
  • Docker - iptable Configuration;
  • Kubernetes - Network Policies.
• Establish basic authentication requirements for your containers. The following two links provide helpful instructions for how to establish a basic authentication practice for either Docker or Kubernetes:
  • Docker - Tokens;
  • Kubernetes - Authenticating.
• Identify the type of data stored or managed within each container and use the appropriate security practices to keep these data types secure;
• Your organization's compliance policies will assist in dictating the protections required;
• Isolate services to their own containers. Do not host more than one service on a single container, this will improve the resource efficiency of the container itself, and will assist in implementing effective security policies.

Delta is a new market intelligence service from Computing to help CIOs and other IT decision makers make smarter purchasing decisions - decisions informed by the knowledge and experience of other CIOs and IT decision makers.

Delta is free from vendor sponsorship or influence of any kind, and is guided by a steering committee of well-known CIOs, such as Charles Ewen, Christina Scott, Steve Capper and Laura Meyer.

Ten crucial technology areas are already covered at launch, with more data appearing and more areas being covered every week. Sign-up here for your free trial of the Computing Delta website.