
Docker Hub: Exposing the Hidden Cost of Data Breaches

Brian Thomas | May 22, 2019

Big risks can come from small, sometimes unexpected places. When compared to all the other vendors you need to manage, you might not think of an image container for apps as a high priority — but the recent breach of Docker Hub shows otherwise.

What’s the big deal, though? Docker Hub is just a place where developers put images, right? So what if it gets hacked?

Most organizations have a software DevOps team that uses repositories like Docker Hub or Veracode to store images. While images might initially seem innocuous, the Docker Hub breach exposes the simple truth that often it’s not the value of what is breached, but the scale of the reach.

Even though no financial or personal data was breached, the breach still exposed tens of thousands of logs, user tokens and hashed passwords. With the vast number of images stored in Docker Hub, that gives bad actors plenty of places to insert malicious code.

All this has a real business impact, beyond just what we typically associate with a breach.

As one commentator pointed out, it’s actually shocking how blindly most of the internet just pulls images from Docker Hub, as well as the degree to which accounts and projects are interconnected within Docker Hub. Tracking down exactly which assets were impacted will be an enormous task with serious implications for your organization. That’s because your DevOps team will now have to spend countless hours combing through image repositories and autobuilds and looking for suspicious activity in their accounts and projects. They will also need to reset passwords, remove and replace all the images from compromised accounts, and redo work that has already been done. Time spent doing that is time spent not doing the work that creates revenue for your business.

So many businesses now rely on software development for essential business functions that slowing down the dev pipeline effectively slows down the business, with a potentially far-reaching impact on revenue generation. Adding to the team’s woes, many DevOps teams may not always know exactly what their vendor inventory looks like, and notifications are only sent to the account holder. If a developer has been using a personal account or fails to notify the team, the lag from breach to remediation could potentially be fairly long -- if it’s even identified at all.

Breaches like Docker Hub expose a few issues that security teams need to address within their organization to prevent these kinds of headaches in the future.

  1. Vendor accounts need to be owned by the company and tied to an organizational email address. This allows organizations to keep positive control of accounts and be notified immediately when accounts are breached.
  2. Organizations need to keep a comprehensive inventory of their vendors. A recent study showed that 70% of organizations rely on third-party vendors; however, 59% of cybersecurity breaches originate with third parties, so keeping an up-to-date inventory of vendors and the systems they have access to is vital.
  3. A comprehensive third-party risk management program to understand the quantitative risk posed by third-party vendors can help security teams prioritize their efforts. Risk is omnipresent, but there are several factors that can help organizations understand where breaches may come from and what the implications are, which helps speed response times.
