In 2021, we observed numerous attackers who escaped container environments to the
underlying host via a misconfigured Docker daemon. Threat actors escape container
environments to increase the impact of their attack. But how much damage can be caused
when an attacker manages to escape a container? To answer this question, we need to
determine the blast radius of an attack – or the total potential impact of an attack.
We identified 105 victims of malicious container images and analyzed them to determine
the blast radius of these types of attacks.
In terms of initial exposure, our analysis shows that 36% of the victims’ hosts had multiple
severe vulnerabilities and misconfigurations that can lead to severe damage in and
of themselves, such as a sensitive data leak. But we also found that 70% of the hosts had a
mild potential for credential theft and lateral movement, such as sniffing unencrypted
credentials, which might allow attackers to escalate privileges or move laterally to other hosts
and cause damage elsewhere.