A recent analysis of around 4 million Docker Hub images by the cyber-security firm Prevasio found that 51% of the images had exploitable vulnerabilities. A large share of the malicious images were cryptocurrency miners, both open and hidden, and 6,432 of the images contained malware.
Prevasio’s team performed both static and dynamic analysis of the images. Static scanning includes dependency analysis, which walks the dependency graph of the software present in the image and checks each component against published vulnerabilities. In addition, Prevasio's team performed dynamic scanning - i.e. running containers from the images and monitoring their runtime behaviour. The report groups images into vulnerable ones and malicious ones. Almost 51% of the images had critical vulnerabilities that could be exploited, and 68% of the images were vulnerable to varying degrees. 0.16%, or 6,432, of the analyzed images contained malicious software. Windows images, which accounted for 1% of the total, and images without tags were excluded from the analysis.
Earlier this year, Aqua Security’s cyber-security team uncovered a new technique in which attackers build malicious images directly on misconfigured hosts. Other research teams have also advocated "dynamic scanning" - performed as part of this study - to uncover hidden threats that static vulnerability analysis misses. Prevasio’s analysis - which ran on 800 machines for a month - found that containers launched from many suspect images downloaded and executed malware. The researchers ran the ClamAV antivirus engine against the malware discovered at runtime, and used Aqua Security's Trivy for vulnerability scanning.
Image from https://prevasio.com/static/web/viewer.html?file=/static/Red_Kangaroo.pdf - Used with permission.
Cryptocurrency mining has been a common form of abuse in public Docker images in recent years. Coin miners made up 44% of the malicious images. 6.4% of the malicious images contained Windows malware, 23% contained the flatmap-stream malware, and 20% contained various "hacking tools". Coin miners fall into both the open category (built for that purpose and advertised as such) and the hidden category (surreptitiously embedded in an image with intent to exploit the user’s machine). The flatmap-stream malware was introduced into the npm package event-stream and made it into millions of production workloads across the world in 2018. The report clarifies that "hacking tools" include penetration testing tools, which are not malicious in the true sense; the report classifies them as such because their presence in a corporate environment would be unacceptable. Some images bundling popular software like Apache Tomcat and Jenkins were also found to contain malware - highlighting the importance of pulling such platform tools only from the officially maintained images. It’s worth noting here that Rezilion's analysis in February 2020 concluded that 50% of the vulnerabilities in the 20 most popular container images - from their official maintainers - did not pose a significant threat.
Various studies over the years have noted the increasing number and scope of vulnerabilities in public repositories like Docker Hub. A 2015 study found that 30% of official images (statically analyzed) had high-priority vulnerabilities. Earlier in 2020, an academic team concluded that "the number of newly introduced vulnerabilities on Docker Hub is rapidly increasing" and "certified images are the most vulnerable", based on a study of 2,500 Docker Hub images. Another paper [PDF] published earlier this year tested around 2.2 million Docker Hub images and found that severe CVE vulnerabilities are present in around 30% of official images. The number of vulnerabilities was found to be far higher in community-maintained images.
The ease of pushing and pulling images to and from Docker Hub, while making developers' lives easier, has also made it easy for malicious actors to spread malware. Many cloud platforms, including GCP, AWS and Azure, have image vulnerability scanning built in. Docker Hub itself has a scanning tool that uses Snyk's analysis engine. Open source tools in this space include Clair and grype. A searchable database of all malicious images from the study can be found at https://malware.prevasio.com/. The complete report is available as a PDF.
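The two defensive points the article keeps returning to - prefer officially maintained images, and run a static scanner for published vulnerabilities before an image reaches production - can be combined into a small admission check. The following is an added example written for this page; it is not code from Prevasio's report, nor from Trivy, Clair, grype or Docker Hub. It assumes the JSON shape that Trivy emits with `--format json` (a top-level `Results` list whose entries carry a `Target` and a `Vulnerabilities` list with `VulnerabilityID`, `PkgName`, `InstalledVersion`, `FixedVersion` and `Severity`), and it parses image references using the Docker reference grammar (optional registry, optional namespace, repository, optional `:tag`, optional `@digest`). The function names (`parse_image_ref`, `summarize_report`, `evaluate`) are this example's own, and the embedded report is constructed sample data with placeholder vulnerability IDs, not real CVEs.

```python
"""Added example: gate an image on (a) being an official Docker Hub image and
(b) a static scan report containing no CRITICAL/HIGH findings.

Assumes a Trivy-style JSON report; function names are this example's own.
"""
import json
from collections import Counter

DOCKER_HUB = "docker.io"


def parse_image_ref(ref):
    """Split an image reference into registry, namespace, repository, tag, digest.

    Follows the Docker reference grammar: the first path component is a registry
    only if it contains '.' or ':' or is 'localhost'; Docker Hub images with no
    namespace live in the 'library' namespace, which is what makes them official.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    parts = ref.split("/")
    registry = DOCKER_HUB
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry = parts.pop(0)
    if registry == "index.docker.io":
        registry = DOCKER_HUB
    tag = None
    if ":" in parts[-1]:  # the tag separator can only appear in the last component
        parts[-1], tag = parts[-1].rsplit(":", 1)
    if len(parts) == 1:
        namespace = "library" if registry == DOCKER_HUB else None
    else:
        namespace = "/".join(parts[:-1])
    return {
        "registry": registry,
        "namespace": namespace,
        "repository": parts[-1],
        "tag": tag,
        "digest": digest,
        "official": registry == DOCKER_HUB and namespace == "library",
    }


def summarize_report(report):
    """Count findings per severity and flatten them into (target, id, pkg, sev, fix)."""
    counts = Counter()
    findings = []
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:  # Trivy emits null when clean
            sev = str(vuln.get("Severity", "UNKNOWN")).upper()
            counts[sev] += 1
            findings.append((result.get("Target"), vuln.get("VulnerabilityID"),
                             vuln.get("PkgName"), sev, vuln.get("FixedVersion") or None))
    return counts, findings


def evaluate(ref, report, fail_on=("CRITICAL", "HIGH"), require_official=True):
    """Return (admitted, reasons). Empty reasons means the image passes the policy."""
    reasons = []
    parsed = parse_image_ref(ref)
    if require_official and not parsed["official"]:
        reasons.append(f"{ref}: not an officially maintained Docker Hub image")
    if parsed["digest"] is None and parsed["tag"] in (None, "latest"):
        reasons.append(f"{ref}: unpinned tag (pin a version tag or a digest)")
    counts, _ = summarize_report(report)
    for sev in fail_on:
        if counts[sev]:
            reasons.append(f"{ref}: {counts[sev]} {sev} vulnerabilities in scan report")
    return (not reasons, reasons)


# Constructed sample report in Trivy's JSON shape; the IDs are placeholders.
SAMPLE_REPORT = {
    "ArtifactName": "nginx:1.19",
    "Results": [
        {"Target": "nginx:1.19 (debian 10.6)",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-00001", "PkgName": "libexample",
              "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-0000-00002", "PkgName": "libother",
              "InstalledVersion": "2.3", "FixedVersion": "", "Severity": "LOW"}]},
        {"Target": "app/package-lock.json", "Vulnerabilities": None},
    ],
}
CLEAN_REPORT = {"Results": []}

if __name__ == "__main__":
    for ref, report in [("nginx:1.19", SAMPLE_REPORT), ("nginx:1.19", CLEAN_REPORT),
                        ("someuser/jenkins:latest", CLEAN_REPORT)]:
        admitted, reasons = evaluate(ref, report)
        print(ref, "ADMIT" if admitted else "REJECT", json.dumps(reasons, indent=2))
```

In a pipeline the report would come from `trivy image --format json <ref>` (or from grype's or Clair's JSON, with the field names adjusted), and `evaluate` would run before the deploy step. Note that the digest check matters: a tag such as `tomcat:9` can be silently repointed at a different image, so pinning to `@sha256:...` is what makes a passed scan meaningful for the image actually pulled later.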