Security & Compliance Blog

The countdown to doomsday has begun, are you ready?

2 minute read
Eric Anderson

The Countdown has begun

To be specific, the docker vulnerability dubbed Doomsday was exposed to the world just over 30 days ago. It’s a bad one, and has the potential to spread to your entire container ecosystem. If you follow the cyber security industry, you know that on average we start to see exploits and hacks showing up within 30 days. A patch has been available for several weeks now, are you ready? This is a vulnerability that allows malicious code to jump from container to container until it spreads, undetected throughout your entire system.

The closest (recent) example we had was WannaCry back in 2017. Within a single day, the code jumped from one system to more than 230,000, encrypting hard drives as it went. Let me ask you, if WannaCry did not show itself so quickly (encrypting your hard drive and demanding a ransom), how far would it have spread?

The need to take action

Why take action? To start, you must understand the difference between the attack vector (or hack) and the payload (or malicious code). With Doomsday, we know the attack vector (a specific vulnerability in docker), but the payload could potentially be anything. I’m sure there are many malicious actors right now utilizing that attack vector to inject MANY different kinds of payloads into containers. Some may be injecting key loggers, scanning for databases, or opening a back door into your network. How damaging and widespread do you think WannaCry would have been if it’s payload was a silent piece of code that did not immediately expose itself, but went on for days/weeks/months logging your keystrokes and reporting your secrets home? This is the situation that’s about to hit the world.

A doomsday hack starts by either download loading a base container that has malicious code or utilizing a 3rd party library inside your container that has been exposed. Unfortunately, sysadmins frequently utilize the first base container they find, without really inspecting the source. Likewise, developers use 3rd party libraries to help accelerate their development velocity. Neither is uncommon at all, and both have the ability to kick off this scenario in your environment.

How BMC can help

There is a bit of good news though, at BMC, we have decades of experience in automation that addresses problems just like this. Anybody that was using Truesight Cloud Security (TSCS) had zero concerns. Part of the docker best practices and CIS standards (which TSCS enforces) would have prevented the spread of code past the initial infected container, limiting the impact to just one. Truesight Vulnerability Manager was designed to help IT Ops and Security rapidly assess how and where the vulnerabilities exist, then integrate with an automation engine like Truesight Server Automation to automate the resolution of these issues.

Automation is the best weapon you have against the ticking clock. When hackers are exploiting new vulnerabilities within weeks, yet the industry on average takes 84 days to patch, we have a huge gap in our security practices. Let us help you close that gap and protect your environment.

Contact our sales department for help

Dummies Guide to Security Operations

When security and operations teams collaborate closely, they can protect your business more effectively against all kinds of threats. Learn more in the SecOps For Dummies guide.


These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

See an error or have a suggestion? Please let us know by emailing blogs@bmc.com.

BMC Bring the A-Game

From core to cloud to edge, BMC delivers the software and services that enable nearly 10,000 global customers, including 84% of the Forbes Global 100, to thrive in their ongoing evolution to an Autonomous Digital Enterprise.
Learn more about BMC ›

About the author

Eric Anderson

Eric Anderson is a life-long technologist who specializes in Cybersecurity, Cloud and Datacenter automation. He has over 25 years of experience in IT management and software development across a wide range of industries. He has been involved in, and researching the cybersecurity industry since the late 1990s.