Malware and botnet detections also soar
Daily Archives: August 10, 2022
Are cloud containers a sugar-coated threat?
This blog was written by an independent guest blogger.
Containerization is a fast-moving technology at the heart of cloud-native applications. A container packages an application together with everything it needs to run, such as binaries, configuration files, and libraries, so that the same image runs consistently in any environment.
Containers are lightweight, and DevOps teams use them to build applications and deploy services. Organizations also use containers to deploy and scale the DevOps infrastructure itself, such as CI/CD tooling. One report estimates that by 2022 organizations will run 24% of their workloads in containers.
Yet the benefits containers offer do not make them secure by default. One study found that 87% of organizations had deployed containers in production, and that 94% of them had experienced at least one container security incident. Another found that 45% of organizations had delayed or slowed application deployments because of container security issues.
Such incidents slow an organization's transformation efforts and bring financial and reputational loss. To avoid them, organizations need to understand cloud container threats and how to reduce the risk.
Why are cloud containers becoming a growing threat?
Containerization is a fast-moving trend that improves agility, accelerates innovation, and has become standard in application development. Container adoption has soared in recent years and will keep rising, because it changes how organizations deploy IT infrastructure.
Gartner predicts that by 2023, 70% of organizations will run containerized applications. In a Cloud Native Computing Foundation (CNCF) survey, 96% of enterprises said they had evaluated or were actively using Kubernetes. And 68% of the IT leaders in the Red Hat State of Enterprise Open Source Report 2022 rank container technology alongside other strategic technologies such as artificial intelligence and machine learning.
Container adoption brings great advantages, but it also introduces security threats and challenges that can hurt organizations badly. Enterprises that depend on containers but fail to identify the vulnerabilities and put mitigations in place put their sensitive business data, including customer data, at risk. The problem is compounded because most of these threats cannot be mitigated by network-perimeter tools such as proxies or VPNs; they require controls applied to the images, the orchestration layer, and the running containers themselves. Here are some of the reasons cloud containers are becoming a threat to organizations:
Human error
Attackers can compromise container technology in the cloud in several ways, and many of those ways start with a mistake. One study reports that 90% of respondents had experienced a security incident in their container environment, and 67% had serious misconfigurations. Gartner predicts that by 2025, more than 89% of cloud breaches will have user misconfiguration and mistakes as their root cause.
Containers are not meant to store data, but organizations sometimes bake sensitive data, such as credentials and source code, into container images. Every layer of an image, including files that a later build step deletes, is distributed with the image, so if it ends up in a publicly accessible registry that data is exposed. Vine learned this the hard way: its entire source code was exposed when a container registry hosting images that contained the code turned out to be reachable from the public internet.
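The mistake described above can be caught before an image is ever built. The following is an added example, not code from the original post: a small static check over a Dockerfile that flags credential-looking ENV and ARG variables, sensitive files handed to COPY or ADD, and credentials embedded in RUN commands. The sample Dockerfile, the hostnames and the credential values in it are constructed for the example.

```python
"""Added example (not from the original post): a static check for secrets and
sensitive files baked into a Dockerfile. Every file an instruction writes into
a layer stays in the image history, so the check runs before the image is built.
The sample Dockerfile below is constructed for the example."""
import re

# Variable names that usually hold credentials.
SECRET_NAME_RE = re.compile(
    r"(passw(or)?d|secret|token|api[_-]?key|private[_-]?key|credential)", re.I)
# Files that should never be copied into an image.
SENSITIVE_FILE_RE = re.compile(
    r"(^|/)(\.env(\.\w+)?|id_rsa|id_ed25519|id_ecdsa|\.npmrc|\.netrc|\.pypirc|"
    r"[^/]+\.(pem|p12|pfx|key)|\.aws/credentials|\.docker/config\.json)$")
# user:password embedded in a URL, e.g. https://deploy:s3cr3t@git.example/app.git
URL_CRED_RE = re.compile(r"://[^/\s:@]+:[^/\s@]+@")
# KEY=value pairs (values may be quoted).
KV_RE = re.compile(r"(\w+)=(\"[^\"]*\"|'[^']*'|\S+)")


def _logical_lines(text):
    """Join backslash continuations; yield (first_line_number, instruction)."""
    buf, start = "", 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not buf:
            start = lineno
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf.strip()
        buf = ""
    if buf.strip():
        yield start, buf.strip()


def scan_dockerfile(text):
    """Return [(line_number, message)] for every secret-looking instruction."""
    findings = []
    for lineno, line in _logical_lines(text):
        if line.startswith("#"):
            continue
        instr, _, args = line.partition(" ")
        instr = instr.upper()
        if instr in ("ENV", "ARG"):
            if "=" in args:
                pairs = KV_RE.findall(args)
            else:  # legacy "ENV KEY value" / "ARG NAME" forms
                key, _, val = args.partition(" ")
                pairs = [(key, val.strip())]
            for key, val in pairs:
                if not SECRET_NAME_RE.search(key):
                    continue
                if instr == "ARG":
                    findings.append((lineno, f"ARG {key}: build args are visible in "
                                             "image history; use a BuildKit secret mount"))
                elif val:
                    findings.append((lineno, f"ENV {key}: literal credential stored in the image"))
        elif instr in ("COPY", "ADD"):
            # Everything but the last argument is a source; skip --chown style flags.
            sources = [a for a in args.split() if not a.startswith("--")][:-1]
            for src in sources:
                if SENSITIVE_FILE_RE.search(src):
                    findings.append((lineno, f"{instr} {src}: sensitive file copied into a layer"))
        elif instr == "RUN":
            if URL_CRED_RE.search(args):
                findings.append((lineno, "RUN: credentials embedded in a URL"))
            for key, val in KV_RE.findall(args):
                if SECRET_NAME_RE.search(key) and val:
                    findings.append((lineno, f"RUN: {key} assigned a literal value during the build"))
    return findings


# Constructed sample; not a real project's Dockerfile.
SAMPLE_DOCKERFILE = """\
FROM python:3.12-slim
ARG GITHUB_TOKEN
ENV DB_PASSWORD=hunter2 \\
    APP_ENV=prod
COPY .env /app/.env
COPY id_rsa /root/.ssh/id_rsa
RUN git clone https://deploy:s3cr3t@git.example.internal/app.git /app
RUN pip install -r /app/requirements.txt
CMD ["python", "/app/main.py"]
"""

if __name__ == "__main__":
    for lineno, msg in scan_dockerfile(SAMPLE_DOCKERFILE):
        print(f"Dockerfile:{lineno}: {msg}")
```

On the sample this reports lines 2, 3, 5, 6 and 7. The check is deliberately conservative about what it does not see: a `COPY . /app` can still drag a `.env` file into the image, which is what `.dockerignore` is for, and secrets needed only at build time belong in a BuildKit secret mount (`RUN --mount=type=secret,...`) rather than in ARG or ENV.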
Exploiting weak points
Attackers can exploit a weakness in the underlying host operating system or container runtime to gain access to a container, or work in the other direction: break into the cloud environment with weak or stolen credentials, modify the application's configuration, and poison the build pipeline, turning one compromised container into a supply-chain problem. A compromised container can also serve as a foothold to reach the host it runs on. In either direction the container is compromised and the data it handles is at risk.
Image vulnerabilities
Another threat concerns the images from which containers are built. Teams reuse base images and image layers rather than build every container from scratch, so images play a central role in the container ecosystem, and the risk they carry cannot be overlooked.
One report found that more than two million container images hosted on Docker Hub have at least one critical vulnerability. Attackers also target public registries with image-squatting attacks: they upload malicious images under names that imitate legitimate, popular images (typosquatted or look-alike names), so that a careless pull fetches the attacker's image instead.
An attacker who gets malware into an image compromises every container created from it. The malware then runs inside the workload, where it can corrupt files, mine cryptocurrency, or steal data.
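Two controls defeat image squatting and poisoned tags: only run images from an explicit allow-list of repositories, and pin them by digest rather than by a mutable tag. The following is an added example, not code from the original post, that parses image references the way the container runtime does (a bare `nginx` is `docker.io/library/nginx`) and checks them against such a policy. The registry names and the allow-list are assumptions for the example.

```python
"""Added example (not from the original post): parse container image references
and enforce an allow-list plus digest pinning, the two controls that defeat
image squatting (look-alike names) and mutable tags. The registry names and the
allow-list are assumptions for the example."""
import re
from dataclasses import dataclass
from typing import Optional

DEFAULT_REGISTRY = "docker.io"
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")

# Assumed policy: the exact repositories this platform may run.
ALLOWED_REPOS = {
    "docker.io/library/nginx",
    "docker.io/library/python",
    "registry.example.internal/platform/api",
}


@dataclass(frozen=True)
class ImageRef:
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref):
    """Normalise a reference as the runtime does: a missing registry means
    docker.io, and a bare name on docker.io lives under 'library/'."""
    digest = None
    if "@" in ref:
        ref, digest = ref.rsplit("@", 1)
    first, sep, rest = ref.partition("/")
    # The first path component is a registry only if it looks like a host.
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry = first
    else:
        registry, rest = DEFAULT_REGISTRY, ref
    if registry == "index.docker.io":
        registry = DEFAULT_REGISTRY
    # A tag is the text after the last ':' in the final path component
    # (a ':' before the last '/' belongs to a registry port, not a tag).
    tag = None
    colon = rest.rfind(":")
    if colon > rest.rfind("/"):
        rest, tag = rest[:colon], rest[colon + 1:]
    if registry == DEFAULT_REGISTRY and "/" not in rest:
        rest = "library/" + rest
    return ImageRef(registry, rest, tag, digest)


def check_image(ref, allowed=ALLOWED_REPOS):
    """Return a list of policy violations; an empty list means the image may run."""
    img = parse_image_ref(ref)
    full = f"{img.registry}/{img.repository}"
    tag = img.tag or "latest"
    findings = []
    if full not in allowed:
        findings.append(f"{full}: repository not in the allow-list (possible squat)")
    if img.digest is None:
        findings.append(f"{full}: not pinned by digest; tag {tag!r} can be "
                        "repointed to different content at any time")
    elif not DIGEST_RE.match(img.digest):
        findings.append(f"{full}: malformed digest {img.digest!r}")
    return findings


if __name__ == "__main__":
    # Constructed references: a legitimate pull, a typosquat, a foreign registry.
    for ref in ("nginx@sha256:" + "a" * 64, "ngnix:1.25",
                "evil.example.com/nginx:1.25", "localhost:5000/foo:v1"):
        print(ref, "->", check_image(ref) or "OK")
```

The typosquat `ngnix:1.25` fails twice (unknown repository, no digest), while `nginx@sha256:...` passes because the digest, not the name, identifies the content. The same check belongs in the CI pipeline and in an admission controller, so that nothing the registry scan has not seen reaches the cluster.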
API server access
Researchers have found more than 380,000 Kubernetes API servers reachable from the public internet. The API server is the control point of the open-source orchestration engine that manages cloud deployments, so an exposed one is an easy target. An attacker who compromises the API server can create or alter workloads and manipulate the communication among Kubernetes components, for example by deploying malicious resources hosted outside the cluster.
Attackers can also use that access to spread crypto-mining malware across pods, which can degrade or deny the organization's own applications and services.
Containerization also does not remove application-layer risk. Containers talk to each other and to the orchestrator over the network, and attacks such as SQL injection and cross-site scripting (XSS) against the services running inside them remain common.
Best practices for cloud container defense
According to one report, 75% of containers carry high or critical vulnerabilities for which a patch already exists. As enterprises move their applications and services to containers, protecting them has become imperative.
Effective ways to mitigate cloud container threats include:
Implement security controls at every stage of the container lifecycle: build, registry, deployment, and runtime.
Because containers carry application code, files, libraries, and binaries, establish an official, access-controlled container registry and pull only from it.
Protect the Kubernetes API server as a top priority. Keep it off the public internet, disable anonymous access, require strong authentication (client certificates or an identity provider with multi-factor authentication), and limit what each identity can do with role-based access control (RBAC).
Use a containerized next-generation firewall to protect containers from network-based threats such as malware. It can block malware from entering and spreading between containers and stop the malicious outbound connections used for data exfiltration.
Automate configuration management, including AI-assisted tooling, to reduce the risk of human error.
Scan internal source code to make sure no malware ends up in container images. Because images also contain third-party components, scanning your own code is not enough: scan the entire image with a container image scanner, which inspects every layer and flags vulnerable or suspicious components.
Apply access control so that no unauthorized user can pull images from the registry. Images can contain private data, and this prevents leaks.
Test continuously, so that even small misconfigurations are caught before they reach production.
An organization has a successful strategy against cloud container threats when it can meet the vulnerability management, runtime protection, compliance, and network security requirements of its containerized applications.
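The recommendations above, and in particular the last one on continuous testing, come down to checking every workload definition against a policy before it is admitted. The following is an added example, not code from the original post: it audits a Kubernetes Pod manifest (parsed from YAML or JSON into a dict) for the misconfigurations that most often hand an attacker the host, the API server, or a credential. Both manifests are constructed for the example, and the hostnames and values in them are assumptions.

```python
"""Added example (not from the original post): audit a Kubernetes Pod manifest
(parsed YAML/JSON as a dict) for the misconfigurations a continuous test should
catch before deployment. Both manifests below are constructed for the example."""
import re

SECRET_NAME_RE = re.compile(r"(passw(or)?d|secret|token|api[_-]?key|private[_-]?key)", re.I)
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_MODULE", "DAC_READ_SEARCH"}


def audit_pod(pod):
    """Return a list of findings; an empty list means the pod passes the policy."""
    findings = []
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})

    # Sharing host namespaces or mounting host paths is a container escape waiting to happen.
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            findings.append(f"{name}: {flag} is true")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(f"{name}: volume {vol.get('name')} mounts hostPath "
                            f"{vol['hostPath'].get('path')}")
    # A mounted service-account token is an API-server credential sitting inside the pod.
    if spec.get("automountServiceAccountToken", True):
        findings.append(f"{name}: service account token is auto-mounted")

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        cname = f"{name}/{c.get('name', '<unnamed>')}"
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{cname}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):   # Kubernetes default is true
            findings.append(f"{cname}: allowPrivilegeEscalation is not false")
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            findings.append(f"{cname}: runAsNonRoot is not enforced")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{cname}: root filesystem is writable")
        added = set(sc.get("capabilities", {}).get("add", [])) & DANGEROUS_CAPS
        if added:
            findings.append(f"{cname}: dangerous capabilities added: {sorted(added)}")
        # Secrets belong in Secret objects referenced via valueFrom, not in literal values.
        for env in c.get("env", []):
            if "value" in env and SECRET_NAME_RE.search(env.get("name", "")):
                findings.append(f"{cname}: env {env['name']} holds a literal secret; "
                                "use valueFrom.secretKeyRef")
    return findings


# Constructed manifests (the dict form of a YAML Pod); hostnames and values are made up.
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "web-weak"},
    "spec": {
        "hostNetwork": True,
        "containers": [{
            "name": "web",
            "image": "registry.example.internal/web:1.4",
            "securityContext": {"privileged": True},
            "env": [{"name": "DB_PASSWORD", "value": "hunter2"}],
        }],
        "volumes": [{"name": "docker", "hostPath": {"path": "/var/run/docker.sock"}}],
    },
}

HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "web-hardened"},
    "spec": {
        "automountServiceAccountToken": False,
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "containers": [{
            "name": "web",
            "image": "registry.example.internal/web@sha256:" + "0" * 64,
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
            "env": [{"name": "DB_PASSWORD",
                     "valueFrom": {"secretKeyRef": {"name": "db", "key": "password"}}}],
        }],
    },
}

if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        print(pod["metadata"]["name"], "->", audit_pod(pod) or ["OK"])
```

The weak pod produces eight findings, the hardened one none. These checks roughly mirror what the Pod Security Standards "restricted" profile enforces, with two additions it does not cover (a read-only root filesystem and disabling service-account token automount); running the same audit in CI and again at admission time is how "continuous testing" turns into a gate rather than a report.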
Final thoughts
As container adoption in the cloud grows, its many benefits can tempt organizations to ignore the security threats that come with it. Human error, image vulnerabilities, and compromised API servers are the main drivers of cloud container threats, and they frequently end in malware infections, data theft, and leaks. Adequate measures such as container security tooling, API server hardening, firewalls, and continuous monitoring and testing mitigate the risks.
8 tips to secure printers on your network
I recently introduced a Ricoh IM 6500 printer on the office network, and it reminded me that we need to treat printers like computers. These devices should be given the same security resources, controls, processes and isolation as needed for any other computer in your network.
Focus on these eight areas to keep your printers from being a point of entry for attackers:
1. Limit access privileges to printers
Like any other technology, limit printer access to only those who need it. Define the network IP addresses of the devices with permission to access each printer.
2. Disable unused protocols
Disable unused protocols that are active on each device and enable only those that are needed. Review this regularly as the needs of your network change.
How harm reduction can more effectively reduce employee risky behavior
Most cybersecurity professionals know that training employees to follow good cybersecurity practices, such as phishing simulations that find employees at fault for falling for convincing phony lures, is frequently a frustrating proposition. One recent experiment conducted at Baylor University found evidence that phishing tests can harm relationships between a company and its employees, causing feelings of betrayal and making them view cybersecurity as harmful.
Surge in CVEs as Microsoft Fixes Exploited Zero Day Bugs
zlib-1.2.11-31.fc35
FEDORA-2022-b58a85e167
Packages in this update:
zlib-1.2.11-31.fc35
Update description:
Fix for CVE-2018-25032
zlib-1.2.11-32.fc36
FEDORA-2022-3a92250fd5
Packages in this update:
zlib-1.2.11-32.fc36
Update description:
Fix for CVE-2018-25032
Multiple Vulnerabilities in VMware vRealize Operations Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in VMware vRealize Operations, the most severe of which could result in Remote Code Execution. VMware vRealize Operations is an IT management platform that provides visibility into, optimization of, and management of an organization’s physical, virtual and cloud infrastructure. The software ships with an API that lets developers build vRealize Operations clients that communicate with the server over HTTP. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute code in the context of the application. Depending on the permissions associated with the application running the exploit, an attacker could then install programs; view, change, or delete data