Abstract


In 2021, we observed numerous attackers who escaped container environments to the underlying host via a misconfigured Docker daemon. Threat actors escape container environments to increase the impact of their attack. But how much damage can be caused when an attacker manages to escape a container? To answer this question, we need to determine the blast radius of an attack – or the total potential impact of an attack. 

We identified 105 victims of malicious container images and analyzed them to determine the blast radius of these types of attacks. In terms of initial exposure, our analysis shows that 36% of the victims' hosts had multiple severe vulnerabilities and misconfigurations that can lead to severe damage in and of themselves, such as a sensitive data leak. But we also found that 70% of the hosts had a mild potential for credential theft and lateral movement, such as sniffing unencrypted credentials, which might allow attackers to escalate privileges or move laterally to other hosts and cause damage elsewhere.




Aqua















