
Docker Hub: Exposing the Hidden Cost of Data Breaches

Brian Thomas | May 22, 2019

Big risks can come from small, sometimes unexpected places. Among all the vendors you need to manage, a container image registry might not look like a high priority, but the recent breach of Docker Hub shows otherwise.

What’s the big deal though, Docker Hub is just a place where developers put images, right? So what if it gets hacked?

Most organizations have a DevOps team that uses a container registry such as Docker Hub to store and distribute images. While images might initially seem innocuous, the Docker Hub breach exposes a simple truth: often it is not the value of what is breached that matters, but the scale of its reach.

Even though no financial or personal data was breached, the attacker still had access to a database holding data for roughly 190,000 accounts: usernames, hashed passwords, and the GitHub and Bitbucket access tokens that Docker Hub stores in order to run autobuilds. Those tokens matter more than the password hashes. A token grants access to the linked source repository, so a stolen autobuild token is a route to tampering with the code an image is built from, and the result is pulled downstream as if it were the publisher's own. With the vast number of images hosted on Docker Hub, that gives bad actors plenty of places to insert malicious code.

All this has a real business impact, beyond just what we typically associate with a breach.

As one commentator pointed out, it is actually shocking how blindly most of the internet pulls images from Docker Hub, and how interconnected accounts and projects are within Docker Hub. Tracking down exactly which assets were impacted will be an enormous task with serious implications for your organization. Your DevOps team will have to spend countless hours combing through image repositories and autobuilds and looking for suspicious activity in their accounts and projects. They will also need to reset passwords, revoke and re-issue the source-control tokens linked to autobuilds, remove and replace every image from a compromised account, and redo work that has already been done. Time spent doing that is time not spent on the work that creates revenue for your business.
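The work described above starts with an inventory of which upstream images your own builds depend on and whether anything behind them has changed. The following script is an added example, not code from the original post or from Docker: it pulls the base images out of a Dockerfile, normalizes each reference the way Docker does (implicit `docker.io`, `library/` for official images, implicit `:latest`), and compares the digest a tag resolves to today against a lock file of digests recorded at a known-good time. The Dockerfile, the `acme` namespace, `registry.example.com` and both digest tables are constructed for the example; in practice the "current" digests would come from `docker manifest inspect` or `crane digest` rather than a dictionary.

```python
"""Flag container images pulled by mutable tag and detect digest drift.

Added example, not code from the original post. Assumes a Dockerfile and a
lock file mapping each base image to its digest at a known-good time. The
registry lookup is a constructed dict standing in for `docker manifest inspect`.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.I | re.M)


@dataclass(frozen=True)
class ImageRef:
    registry: str
    repository: str
    tag: str | None
    digest: str | None


def parse_image_ref(ref: str) -> ImageRef:
    """Parse [registry/][namespace/]name[:tag][@sha256:hex] with Docker Hub defaults."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
        if not DIGEST_RE.match(digest):
            raise ValueError(f"malformed digest: {digest!r}")
    # A ':' after the last '/' is a tag; one before it is a registry port.
    tag = None
    if ref.rfind(":") > ref.rfind("/"):
        ref, tag = ref.rsplit(":", 1)
    parts = ref.split("/")
    # Docker treats the first component as a registry only if it contains
    # '.' or ':' or is 'localhost'; otherwise it is a Docker Hub namespace.
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, repo = parts[0], parts[1:]
    else:
        registry, repo = "docker.io", parts
    if registry == "docker.io" and len(repo) == 1:
        repo = ["library"] + repo          # official images live under library/
    if digest is None and tag is None:
        tag = "latest"                     # implicit and mutable
    return ImageRef(registry, "/".join(repo), tag, digest)


def base_images(dockerfile: str) -> list[str]:
    """External images from FROM lines; skips 'scratch' and earlier stage aliases."""
    stages: set[str] = set()
    images = []
    for image, alias in FROM_RE.findall(dockerfile):
        if image.lower() != "scratch" and image not in stages:
            images.append(image)
        if alias:
            stages.add(alias)
    return images


def audit(dockerfile: str, lock: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Bucket each base image by how much we can trust what `docker pull` fetches.

    pinned: digest given inline, a re-pushed tag cannot change the build input.
    ok: tag still resolves to the digest in the lock file.
    drifted: tag now resolves to a different digest; investigate before rebuilding.
    unpinned: tag with no lock entry or no current digest, so there is no baseline.
    """
    report: dict[str, list[str]] = {"pinned": [], "ok": [], "drifted": [], "unpinned": []}
    for raw in base_images(dockerfile):
        ref = parse_image_ref(raw)
        if ref.digest:
            report["pinned"].append(raw)
            continue
        key = f"{ref.registry}/{ref.repository}:{ref.tag}"
        expected, actual = lock.get(key), current.get(key)
        if expected is None or actual is None:
            report["unpinned"].append(raw)
        elif expected == actual:
            report["ok"].append(raw)
        else:
            report["drifted"].append(raw)
    return report


# Constructed sample input; 'acme' and registry.example.com are hypothetical.
SAMPLE_DOCKERFILE = """
FROM golang:1.12 AS builder
FROM acme/base-runtime:2.3
COPY --from=builder /app /app
FROM nginx@sha256:%s
FROM registry.example.com:5000/team/tooling:v7
""" % ("0" * 64)
LOCK = {                                     # digests recorded before the incident
    "docker.io/library/golang:1.12": "sha256:" + "11" * 32,
    "docker.io/acme/base-runtime:2.3": "sha256:" + "22" * 32,
}
CURRENT = {                                  # what the registry serves now; 2.3 was re-pushed
    "docker.io/library/golang:1.12": "sha256:" + "11" * 32,
    "docker.io/acme/base-runtime:2.3": "sha256:" + "33" * 32,
    "registry.example.com:5000/team/tooling:v7": "sha256:" + "44" * 32,
}

if __name__ == "__main__":
    for bucket, images in audit(SAMPLE_DOCKERFILE, LOCK, CURRENT).items():
        print(f"{bucket:9s} {images}")
```

On the constructed input the script reports `acme/base-runtime:2.3` as drifted, because the tag now points at a different digest than the one recorded, and `registry.example.com:5000/team/tooling:v7` as unpinned, because nothing was ever recorded for it. Either bucket is where an investigation after an incident like this one should start; the lasting fix is to move the `FROM` lines into the pinned bucket by referencing images by digest, so a re-pushed tag on a compromised publisher account cannot silently change what you build on.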

So many businesses now rely on software development for essential functions that slowing down the dev pipeline is effectively slowing down the business, with a far-reaching impact on revenue. Adding to the team's woes, many DevOps teams do not know exactly what their vendor inventory looks like, and breach notifications go only to the account holder. If a developer has been using a personal account, or fails to tell the team, the lag from breach to remediation can be long, assuming the exposure is identified at all.

Breaches like the one at Docker Hub expose a few issues that security teams need to address within their organization to prevent these kinds of headaches in the future.

  1. Vendor accounts need to be owned by the company and tied to an organizational email address. This lets the organization keep positive control of its accounts and receive breach notifications directly rather than through an individual's inbox.
  2. Organizations need to keep a comprehensive inventory of their vendors. A recent study showed that 70% of organizations rely on third-party vendors... however 59% of cybersecurity breaches originate with third parties, so keeping an up-to-date inventory of vendors and the systems they have access to is vital.
  3. A comprehensive third-party risk management program that quantifies the risk posed by each vendor helps security teams prioritize their efforts. Risk is omnipresent, but several factors can help organizations understand where breaches may come from and what the implications are, which speeds response.

