NSA and CISA publish guidance on hardening Kubernetes following cloud infrastructure cyber attacks

Supply chain risks, malicious attacks, and insider threats, are the main causes of concern

Kubernetes on a smartphone screen

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a new report to help systems administrators harden their Kubernetes environments and know the risks to such infrastructure.

Kubernetes clusters are often deployed in public and private clouds, as they provide several flexibility and security benefits compared to traditional, monolithic software platforms. However, they are at risk from hackers looking to steal data. 

According to a published report, the three most common compromise sources in Kubernetes are supply chain risks, malicious threat actors, and insider threats. 

"Kubernetes is commonly targeted for three reasons: data theft, computational power theft, or denial of service," the agencies said in a joint announcement

"Data theft is traditionally the primary motivation; however, cyber actors may attempt to use Kubernetes to harness a network's underlying infrastructure for computational power for purposes such as cryptocurrency mining."

The report recommended IT administrators scan containers and pods for vulnerabilities or misconfigurations, run containers and pods with the least privileges possible, and use network separation to control the damage a compromise can cause. 

The report also urged administrators to use firewalls to limit unneeded network connectivity, encryption to protect confidentiality, and strong authentication and authorization to limit user and administrator access and limit the attack surface. 

Related Resource

The Total Economic Impact™ of Mimecast

Cost savings and business benefits enabled by using Mimecast with Microsoft 365

Total economic impact of Mimecast - whitepaper from MimecastDownload now

Administrators should also use log auditing to monitor activity and be alerted to potential malicious activity. The guidance also suggested all Kubernetes settings should be periodically reviewed and “use vulnerability scans to help ensure risks are appropriately accounted for and security patches are applied.”

The advisory also went into more detail about particular threats. It said that with supply chain risks, an adversary may subvert any element that makes up a system, including product components, services, or personnel that help supply the end product.

"The security of applications running in Kubernetes and their third-party dependencies relies on the trustworthiness of the developers and the defense of the development infrastructure. A malicious container or application from a third party could provide cyber actors with a foothold in the cluster," said the advisory.

The advisory also warned that Kubernetes architecture exposes several APIs that cyber actors could potentially leverage for remote exploitation. The Kubernetes control plane has a variety of components that communicate to track and manage the cluster. “Cyber actors frequently take advantage of exposed control plane components lacking appropriate access controls,” the report said.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Researchers disclose top flaws abused by ransomware gangs
ransomware

Researchers disclose top flaws abused by ransomware gangs

20 Sep 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

17 Sep 2021
How do hackers choose their targets?
hacking

How do hackers choose their targets?

17 Sep 2021
Owner of DDoS for hire sites found guilty of hacking offences
distributed denial of service (DDOS)

Owner of DDoS for hire sites found guilty of hacking offences

17 Sep 2021

Most Popular

Zoom: From pandemic upstart to hybrid work giant
video conferencing

Zoom: From pandemic upstart to hybrid work giant

14 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021