Over 900,000 Kubernetes (K8s) instances have been discovered to be vulnerable to malicious scans and/or data-exposing cyberattacks, according to a report from cybersecurity firm Cyble.
Even though not all exposed instances are vulnerable to attacks or the loss of sensitive data, these misconfiguration practices may make companies attractive targets for threat actors (TAs) in the future, according to researchers.
Kubernetes is an open-source system designed to automate containerized application deployment, scaling and administration.
There is no downtime in a production environment because K8s uses a combination of physical and virtual machines to create a uniform API.
For all these reasons, Kubernetes is a useful tool, but when it isn’t set up properly, it presents a risk of data exfiltration and other hacking attempts.
The Tesla cloud was breached in March 2018 due to improperly configured Kubernetes clusters, and in June 2020, cryptocurrency mining malware was spread across multiple clusters using a K8s toolkit that was infiltrated by hackers.
The open-source continuous delivery platform Argo CD has recently been found to have a vulnerability that allows attackers to access and exfiltrate sensitive information such as passwords and API keys.
Cyble researchers wrote in an advisory that “online scanners have made it easy for security researchers to find the exposure of assets.
As a result of the exposed Kubernetes instance for a particular organisation, malicious hackers can also conduct an investigation, increasing the risk of attack.”
After China and Germany, the Cyble analysis found that the United States had the most exposure.
Due to default settings, many of the clusters spotted by cybersecurity researchers were misconfigured.
Kubernetes Dashboard is vulnerable to data leakage because it is not password protected and the default service ports are open to the public. This puts businesses at risk.”
Cyble advised companies to keep Kubernetes up to date and remove debugging tools from production containers in order to avoid misconfigurations.
Additional security measures should be taken to ensure that Kubernetes API access is restricted to those who need it, and that critical assets and ports are protected to the greatest extent possible.
You can read Cyble’s full advisory here for more recommendations and technical details.
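The following is an added example, not code from Cyble's advisory or from the original article: a small Python audit for the two conditions described above, Services reachable from outside the cluster (with the Dashboard called out) and role bindings that grant access to unauthenticated callers. The sample input is constructed, and the severity labels and the name-based Dashboard match are assumptions of this example.

```python
import json

# Constructed sample shaped like a `kubectl get ... -o json` List (not real data).
SAMPLE = json.loads("""
{"items": [
 {"kind": "Service", "metadata": {"name": "kubernetes-dashboard", "namespace": "kubernetes-dashboard"},
  "spec": {"type": "NodePort", "ports": [{"port": 443, "nodePort": 30443}]}},
 {"kind": "Service", "metadata": {"name": "web", "namespace": "default"},
  "spec": {"type": "LoadBalancer", "loadBalancerSourceRanges": ["203.0.113.0/24"],
           "ports": [{"port": 443}]}},
 {"kind": "Service", "metadata": {"name": "db", "namespace": "default"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 5432}]}},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "anon-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:unauthenticated"}]}
]}
""")

EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}          # reachable from outside the cluster
UNAUTHENTICATED = {"system:anonymous", "system:unauthenticated"}

def audit(resource_list):
    """Return (severity, message) findings for exposure-related misconfigurations."""
    findings = []
    for item in resource_list.get("items", []):
        meta = item.get("metadata", {})
        name = meta.get("name", "?")
        if item.get("kind") == "Service":
            spec = item.get("spec", {})
            svc_type = spec.get("type", "ClusterIP")
            # A source-range allow-list limits who can reach a LoadBalancer.
            restricted = svc_type == "LoadBalancer" and bool(spec.get("loadBalancerSourceRanges"))
            if svc_type in EXTERNAL_TYPES and not restricted:
                ports = [p.get("nodePort") or p.get("port") for p in spec.get("ports", [])]
                severity = "HIGH" if "dashboard" in name else "REVIEW"  # assumed labels
                findings.append((severity, f"Service {meta.get('namespace')}/{name} "
                                           f"is {svc_type} on ports {ports}"))
        elif item.get("kind") == "ClusterRoleBinding":
            role = item.get("roleRef", {}).get("name")
            for subject in item.get("subjects") or []:
                if subject.get("name") in UNAUTHENTICATED:
                    findings.append(("HIGH", f"ClusterRoleBinding {name} grants "
                                             f"{role} to {subject['name']}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"[{severity}] {message}")
```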
About the Author
Rebecca James is an IT consultant with a forward-thinking approach toward developing the IT infrastructures of SMEs. She writes to engage with individuals and raise awareness of digital security, privacy, and better IT infrastructure.