
Analysis on Docker Hub malicious images: Attacks through public container images

Blog post from Sysdig

Author: Stefano Chierici
Word Count: 1,771
Language: English
Summary

The Sysdig Threat Research Team's analysis of Docker Hub reveals significant security risks in public container images, as attackers increasingly use containers as a vector to distribute malicious payloads. The research examined over 250,000 Linux images, excluding official and verified ones, to detect embedded threats such as cryptominers and secrets, which could expose users' environments to high risk. Malicious actors often disguise harmful images as legitimate software, a tactic known as typosquatting when the image name closely imitates that of a popular image, to deceive users into downloading and deploying them. The investigation highlights the importance of scrutinizing container images for security flaws before deployment, and reinforces the need for organizations to implement preventive and detective measures to protect cloud and container workloads. The findings have enabled Sysdig to create a feed of known malicious container images, allowing users to identify and respond to these threats effectively.