Security experts have warned that misconfigurations in Docker registries may lead to critical data theft and malicious attacks.
Docker registries are Docker repositories organized to store all-important images, which bundle application code, dependent libraries, and operating system files. These registries therefore provide access to application source code and business-critical data, so they require strong security.
What happened?
Researchers at Palo Alto Networks’ Unit 42 found Docker registries exposed to the internet, some of which were accessible even without the required permission.
The team revealed that misconfigured network access controls on these registries can let attackers infiltrate them and steal sensitive information.
Key findings
Researchers reported a total of 941 Docker registries with 2,956 repositories and 15,887 tags, which laid bare nearly 3,000 applications and almost 16,000 unique versions of them.
Comments and conclusion
According to the research firm, the remediation strategy for this problem is simple and straightforward. Organizations can add a firewall rule to keep the registry from being reachable from the internet and require an authentication header on all API requests.
“However, with an ever-increasing number of applications and complexity of infrastructure, security becomes a daunting job. Automated tools are needed to scan for vulnerabilities and monitor malicious activities constantly. The earlier the issues can be identified, the less chance they will be exploited in the production,” the firm concluded.
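One way to verify the second part of that remediation on a registry you operate, as an added example that is not code from Unit 42 or from this article: it sends a single unauthenticated request to the Registry HTTP API v2 base endpoint (`/v2/`) and classifies the answer. It assumes the standard v2 behaviour, where `/v2/` returns 200 when no credentials are needed and 401 with a `WWW-Authenticate` challenge when they are; the sample responses and host names are constructed.

```python
"""Audit a registry you operate: does GET /v2/ demand credentials?"""
import urllib.error
import urllib.request


def classify(status, headers):
    """Classify the response to an unauthenticated GET /v2/."""
    h = {k.lower(): v for k, v in headers.items()}
    scheme = h.get("www-authenticate", "").split(" ", 1)[0].lower()
    if status == 200:
        return "FAIL: /v2/ answered without credentials"
    if status == 401 and scheme in ("basic", "bearer"):
        return "OK: authentication required (%s)" % scheme
    if status == 401:
        return "WARN: 401 without a usable WWW-Authenticate challenge"
    return "UNKNOWN: HTTP %d, check that this is the registry endpoint" % status


def check_registry(base_url, timeout=5):
    """Send one unauthenticated GET /v2/ to a registry you operate."""
    req = urllib.request.Request(base_url.rstrip("/") + "/v2/")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, dict(resp.headers.items()))
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx; the 401 challenge is the result we want.
        return classify(err.code, dict(err.headers.items()))
    except OSError as err:
        # From outside the firewall, this is the desired outcome.
        return "UNREACHABLE: %s" % err


# Constructed sample responses (status, headers), so the logic runs offline.
SAMPLES = {
    "open": (200, {"Docker-Distribution-Api-Version": "registry/2.0"}),
    "token": (401, {"WWW-Authenticate":
                    'Bearer realm="https://auth.example.test/token"'}),
    "htpasswd": (401, {"Www-Authenticate": 'Basic realm="Registry"'}),
    "broken": (401, {}),
}


def audit_samples():
    """Classify every constructed sample response."""
    return {name: classify(*resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in audit_samples().items():
        print("%-9s %s" % (name, verdict))
```

Run `check_registry()` once from inside the network and once from outside it: the expected pair is an `OK` verdict inside and `UNREACHABLE` outside.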