A recent analysis of 4 million public container images published by security startup Prevasio reveals critical vulnerabilities and malware issues in 51 percent of containers.
The results show that Docker containers present a potentially serious risk to enterprise customers implementing container technology without adequate security protocols in place.
Prevasio’s analysis ran across the entire Docker Hub and found 51 percent of all containers had “critical” vulnerabilities, while 13 percent were classified as “high” and four percent as “moderate” vulnerabilities.
Also, 6,000 containers were riddled with cryptominers, hacking tools/pen testing frameworks, and backdoor trojans. While many cryptominers and hacking tools may not be malicious per se, they present a potentially unwanted issue to an enterprise.
Prevasio’s analysis also shows more than 400 examples (with nearly 600,000 pulls) of weaponized Windows malware crossing over into the world of Linux. This crossover is directly due to the proliferation of cross-platform code (e.g. GoLang, .NET Core and PowerShell Core).
Dubbed “Operation Red Kangaroo” by the company, the scan was completed using Prevasio’s Analyzer, the company’s sandboxing and behavioral analysis system for Docker containers.