Computer security company Skybox Security released the mid-year update to its 2019 Vulnerability and Threat Trends Report, analyzing the vulnerabilities, exploits, and threats in play over the first half of 2019, and among the key findings of the report is the rapid growth of vulnerabilities in cloud containers.
In a nutshell, cloud containers are lightweight, lower-overhead virtual machines (VMs) that can replace traditional VMs in many cloud computing deployments because of their speed and simplicity. However, that ease of deployment can lead to security lapses: old container images that contain known vulnerabilities are quickly replicated and deployed throughout a public, private or hybrid cloud infrastructure.
According to the Silicon Valley-based startup, vulnerabilities in container software increased by 46% in the first half of 2019 compared with the same period in 2018, and by 240% compared with the figure from two years earlier.
“Cloud technology and adoption has obviously skyrocketed, so it’s no surprise that vulnerabilities within cloud technology will increase,” said Skybox Director of Threat Intelligence Marina Kidron. “What is concerning, though, is that as these are published, the race is on for attackers to develop an exploit because launching a successful attack on a container could have much broader consequences. Compared to other technology, containers can be more numerous and quickly replicated. The attack footprint could expand rapidly, and the number of victims may be extremely high.”
In the report, Skybox cited a container vulnerability disclosed earlier this year, CVE-2019-5736, that allowed a malicious actor who created a rogue container image to gain administrative privileges and effectively take over the physical server. Most container runtime systems, including the very popular Docker and Kubernetes, were affected, as were users of Linux distributions that use runC, the Open Container Initiative (OCI) runtime specification, including customers of Amazon's cloud (AWS) and Google Cloud.
The good news from the report is that of the more than 7,000 known vulnerabilities published in the first half of 2019, only a small fraction (659) will ever have an exploit created for them, and less than 1% will actually be exploited in a large-scale attack in the wild.
However, the bad news is that increasingly complex computing infrastructure makes it difficult to know which of those vulnerabilities will actually be exposed to potential attacks and represent a critical risk.
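Two of the report's points above translate directly into a defender's check: a vulnerable image, once built, is replicated across many hosts (the container paragraph), and the vulnerabilities worth acting on first are the few that have a public exploit and sit on something actually exposed to attack (the last two paragraphs). The following is an added example, not code from Skybox or from any scanner the article mentions. It takes a constructed inventory of running containers plus a constructed map of image digests a scanner has flagged, groups containers by digest so the replication count is visible, and ranks images with a hand-made risk heuristic (severity, public exploit, internet exposure, image age). All hosts, image names, digests, dates and CVE ids are placeholders; the 90-day staleness policy and the scoring weights are assumptions.

```python
"""Fleet-wide triage of running container images (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Container:
    host: str
    name: str
    image: str              # repository:tag as deployed
    digest: str             # content digest of the running image (constructed value)
    built: date             # image build date, normally read from image metadata
    internet_exposed: bool  # assumed known from ingress / load-balancer configuration


@dataclass(frozen=True)
class Finding:
    cve: str                # placeholder id, not a real CVE
    cvss: float
    exploit_public: bool    # public exploit known, e.g. from a threat-intel feed


@dataclass
class ImageReport:
    digest: str
    image: str
    hosts: list
    findings: list
    stale: bool
    exposed: bool
    score: float

    @property
    def replicas(self) -> int:
        # Same digest on many hosts means one flaw replicated fleet-wide.
        return len(self.hosts)


MAX_IMAGE_AGE_DAYS = 90  # assumed policy: images older than this must be rebuilt
TODAY = date(2019, 7, 1)  # constructed reference date for the sample run


def image_is_stale(built: date, today: date) -> bool:
    return (today - built).days > MAX_IMAGE_AGE_DAYS


def risk_score(findings, exposed: bool, stale: bool) -> float:
    """Constructed heuristic (not CVSS): worst severity, then the factors the
    report singles out: exploit available, exposed to attack, outdated image."""
    base = max((f.cvss for f in findings), default=0.0)
    bonus = (3.0 if any(f.exploit_public for f in findings) else 0.0)
    bonus += 2.0 if exposed else 0.0
    bonus += 1.0 if stale else 0.0
    return round(base + bonus, 1)


def triage(containers, flagged_digests, today):
    """Group containers by image digest, keep flagged or stale images, and
    return ImageReports ordered from highest to lowest risk."""
    by_digest = defaultdict(list)
    for c in containers:
        by_digest[c.digest].append(c)
    reports = []
    for digest, group in by_digest.items():
        findings = flagged_digests.get(digest, [])
        stale = image_is_stale(group[0].built, today)
        if not findings and not stale:
            continue  # nothing known against this image; skip it
        exposed = any(c.internet_exposed for c in group)
        reports.append(ImageReport(
            digest=digest, image=group[0].image,
            hosts=sorted(c.host for c in group), findings=findings,
            stale=stale, exposed=exposed,
            score=risk_score(findings, exposed, stale)))
    return sorted(reports, key=lambda r: (r.score, r.replicas), reverse=True)


def hosts_needing_rebuild(reports) -> list:
    """Every host that runs at least one flagged or stale image."""
    return sorted({h for r in reports for h in r.hosts})


# Constructed inventory: one frontend image replicated on three exposed hosts,
# a freshly built database image with a critical finding, one old batch image.
SAMPLE_CONTAINERS = [
    Container("web-01", "frontend", "shop/frontend:2.3", "sha256:c0ffee01", date(2019, 1, 15), True),
    Container("web-02", "frontend", "shop/frontend:2.3", "sha256:c0ffee01", date(2019, 1, 15), True),
    Container("web-03", "frontend", "shop/frontend:2.3", "sha256:c0ffee01", date(2019, 1, 15), True),
    Container("db-01", "postgres", "shop/db:11", "sha256:d00d1e02", date(2019, 6, 20), False),
    Container("batch-01", "reports", "shop/reports:1.0", "sha256:5ca1ab03", date(2018, 11, 2), False),
    Container("api-01", "api", "shop/api:4.1", "sha256:f00dba04", date(2019, 6, 25), True),
]

# Constructed scanner output: digest -> findings (placeholder CVE ids).
SAMPLE_FLAGGED = {
    "sha256:c0ffee01": [Finding("CVE-0000-0001", 7.5, exploit_public=False)],
    "sha256:d00d1e02": [Finding("CVE-0000-0002", 9.8, exploit_public=True)],
}


def run_sample():
    return triage(SAMPLE_CONTAINERS, SAMPLE_FLAGGED, TODAY)


if __name__ == "__main__":
    for r in run_sample():
        flags = ",".join(f.cve for f in r.findings) or "no scanner finding"
        print(f"{r.score:5.1f}  {r.image:<20} replicas={r.replicas} "
              f"exposed={r.exposed} stale={r.stale}  {flags}")
    print("rebuild on:", ", ".join(hosts_needing_rebuild(run_sample())))
```

On the sample data the database image ranks first even though it runs on a single, non-exposed host, because its finding has a public exploit; the frontend image ranks second but is the one with the widest blast radius (three exposed replicas), which is why the report lists replica count alongside the score rather than folding it into a single number. In a real deployment the inventory would come from the orchestrator's API and the flagged-digest map from an image scanner; the ranking logic stays the same.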