Tom here from Lawrence Systems, and do you trust your Docker image source? Docker image crypto-jacking and malware attacks have been on the rise since at least 2018, and now at least 30 malicious images in Docker Hub, with a collective 20 million downloads, have been used to spread crypto mining malware, according to analysis done by security researchers over at Palo Alto's Unit 42. I'll link to the relevant Threatpost article that kind of breaks this down. By the way, this is really narrowed down to crypto mining, and narrowed down to what these researchers found; this is by no means an exhaustive list of security auditing when it comes to Docker. This is a real problem, and I should say specifically with Docker Hub. There's not a fundamental problem with Docker or containerization; it's a fundamental problem of where you get these images from, and do you trust those images?

Let's take a quick look over here. We have 5.8 million images available. That's amazing; that sounds like a wealth of knowledge put together. And this is a common solution people come up with when they go, "I'm not sure how to set up a reverse proxy, I'm not sure how to set up MediaWiki," or insert the name of many other projects. So they just grab a Docker image, and this is often a forum post reply: "Oh, it's not that hard to set it up, you just use Docker." Don't take the time to actually learn how to set these tools up. And I get it, time is very important, and especially when you're starting out in tech the instant solution is to slap a Docker image in, and it already has everything configured for you. But the downside is, when you narrow this down to verified publishers, we go from 5.8 million to 593 available images, which may not be the images that you are looking for, or may not have the tools that you're looking for. And this is really just a cautionary tale of: we don't know what all is in there. As security researchers try to comb through this, they're finding more and more problems.

And if you look up something like MediaWiki, there is an official Docker image for it. But if you look broadly for MediaWiki, there are 741 results in here; not all of them are full MediaWiki, but there are a lot of people setting things up in here, and do you trust this person? Of course, this one hasn't been updated in three years, so maybe there are some vulnerabilities in there; we just don't know. There have been a lot of issues before, and of course we can narrow this down: there is only really one true MediaWiki published officially, and there's even an update 14 hours ago, which is awesome. But there are a lot of issues with having random people maintain it. They may only maintain something for a little while and have no ill intent; they just get busy. It starts as a project, and they kind of forget about that project, they quit using it, but you keep using it and looking for an updated version of that image, and there's just a security vulnerability hanging out in there. So you have to be very careful where you get these from. Make sure they're from official sources, make sure that you vet who is producing a Docker image, and vet that it is properly done and maintained. The example we use here is Bitwarden: we get the official Bitwarden Docker image from, officially, Bitwarden, and make sure it's always on the latest version and all the version numbers match.

It's a little bit of extra security on the front end, but it saves you a big disaster on the back end, because crypto mining is probably just the tip of the iceberg. Imagine there are all kinds of not just vulnerabilities but purposely put-in backdoors in many of these Docker images that are randomly maintained, that you may not know about at all. It may just be something that comes up because you're trying to figure out and audit your networking. You're like, why does my network keep calling out to all these other IPs, or why is it doing the things it is, and you're not sure why, and you're like, oh, that container might be the reason why. And especially if you're using it to, you know, do something inside your network like a MediaWiki, and putting documentation and putting information here: is it exfiltrating all that data? These are really important questions you have to ask. I think anything you want to pull from the image, if you put it in its own sandbox and want to play with something for testing. But when it comes to production, you really want to make sure you're getting official images, or take the time to learn the product yourself and make sure you understand that tool, make sure you understand how to set that project up and get it running, and understand all the security around it, especially if you're gonna make any of this public-facing or allow it to have any outside access. So I'll leave a link to the article so you can read through there. Unfortunately that article does not list an exhaustive list of which Docker images were there, but they list some of the user names and at least say they were all taken down. So you can kind of go from there: if you found out that you're pulling from one of the user names listed in the research links, then yeah, that's probably bad, and you should replace those Docker images immediately, unless you just want to contribute to their crypto mining campaign.
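As an added example (not code from the video or from Lawrence Systems), here is a small Python policy check that reads the `image:` lines of a docker-compose file and flags what the video warns about: images from publishers you have not vetted, and mutable tags or missing digests, so the version you pulled can silently change under you. The vetted-publisher list, the sample compose file and its digest are constructed for the example.

```python
import re
# Assumed policy (not from the video): Docker Hub official images plus vetted publishers.
TRUSTED_NAMESPACES = {"library", "bitwarden"}

def parse_ref(ref):
    """Split 'registry/namespace/repo:tag@sha256:...'; bare 'nginx' means library/nginx."""
    ref, tag, digest = ref.strip(), None, None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    name, sep, last = ref.rpartition(":")
    if sep and "/" not in last:            # a ':' after the last '/' starts the tag
        ref, tag = name, last
    parts = ref.split("/")
    registry = "docker.io"
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry = parts.pop(0)            # first component is a registry host
    namespace = parts[0] if len(parts) > 1 else "library"
    repo = "/".join(parts[1:]) if len(parts) > 1 else parts[0]
    return {"registry": registry, "namespace": namespace, "repo": repo,
            "tag": tag, "digest": digest}

def check_ref(ref):
    """Return policy findings for one image reference; an empty list means it passes."""
    img = parse_ref(ref)
    findings = []
    if img["registry"] != "docker.io":
        findings.append(f"registry {img['registry']} is not Docker Hub")
    elif img["namespace"] not in TRUSTED_NAMESPACES:
        findings.append(f"publisher '{img['namespace']}' is not on the vetted list")
    if img["tag"] in (None, "latest"):
        findings.append("mutable tag (missing or 'latest'): pin an explicit version")
    if img["digest"] is None:
        findings.append("no @sha256 digest: the tag can be repointed at new content")
    return findings

def audit_compose(text):
    """Check every 'image:' line of a docker-compose file; returns {ref: findings}."""
    return {m.group(1): check_ref(m.group(1))
            for m in re.finditer(r"^\s*image:\s*['\"]?([^'\"#\s]+)", text, re.M)}
# Constructed sample compose file; the digest is a placeholder, not a real one.
FAKE_DIGEST = "sha256:" + "0" * 64
SAMPLE_COMPOSE = f"""\
services:
  wiki:
    image: randomuser/mediawiki        # unknown publisher, no tag, no digest
  db:
    image: "mariadb:10.11"             # official image, but not digest-pinned
  vault:
    image: bitwarden/server:2024.1.0@{FAKE_DIGEST}
"""
```

Run `audit_compose(SAMPLE_COMPOSE)` to get a findings list per image; only the digest-pinned image from a vetted publisher comes back clean.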
Thanks, and thank you for making it to the end of this video. If you enjoyed this content, please give it a thumbs up. If you'd like to see more content from this channel, hit the subscribe button and the bell icon. To hire us for a project, head over to LawrenceSystems.com and click on the Hire Us button right at the top. To help this channel out in other ways, there's a join button here for YouTube and a Patreon page where your support is greatly appreciated. For deals, discounts and offers, check out our affiliate links in the descriptions of all of our videos, including a link to our shirt store, where we have a wide variety of shirts and new designs come out, well, randomly, so check back frequently. And finally, our forums, forums.lawrencesystems.com, where you can have a more in-depth discussion about this video and other tech topics covered on this channel. Thank you again, and we look forward to hearing from you. In the meantime, check out some of our other videos.