Uncovering threats in container systems: a study on misconfigured container components

Abstract

The increasing popularity of cloud computing has led to a significant rise in the usage of container technology. Docker and Kubernetes have emerged as standard tools for managing container systems due to their reliability and flexibility. However, REST APIs on container systems have introduced additional attack vectors. In this paper, we investigate the security threats posed by misconfigured container components that are exposed to the Internet. Our study involves an Internet-scale measurement to assess their prevalence. For this end, we collect a total of 1,003,947 IP addresses and identify renowned institutes, governments, and enterprises which are operating exposed and misconfigured container components, indicating potential compromises. Additionally, we conduct a real-world experiment within multi-branch institutes to identify vulnerabilities in misconfigured container components. By conducting a comprehensive scan of all 150,235 IP addresses associated with an institute, we identify three vulnerable servers among the 57 misconfigured container components. This finding demonstrates the feasibility and profitability of exploiting these containers through targeted attacks. This comprehensive investigation provides insights into the prevalence of misconfigured container components to safeguard container systems from unauthorized access. By addressing these security concerns, organizations can protect the integrity and confidentiality of their containerized environments more effectively.