As containerized solutions like Docker and Kubernetes started gaining ground, organizations began using containers as on-premises solutions. Containers allow developers to spend more time fine-tuning their applications without having to dwell on environmental setups. The containerized software can be used “out of the box” regardless of the user’s technical know-how. On the other hand, the increasing popularity of containerized solutions is naturally drawing attention from cybercriminals and other malicious actors. In this talk, we discuss the security gaps, and the risks and impact that come with them, that may be overlooked when using containerized solutions. These are demonstrated by the real-world attacks and examples we observed in 2018, ranging from misconfiguration issues that led to malicious image deployment to container escapes, as is the case for the runC vulnerability (CVE-2019-5736).
Presented at Security Fest 2019.
Speaker: David Fiser
David started as a malware analyst at AVAST in 2010. He handled malware analysis, signature creation, and back-end data analysis, and has published several pieces of research. One of David’s research projects, which focused on improving malware detection capabilities, was presented at the Computer Antivirus Research Organization (CARO) Workshop and the Anti-Virus Asia Researchers (AVAR) conference in 2016. David has been with Trend Micro since 2017, focusing on vulnerability research as well as cloud and container security.