NSA and CISA publish guidance on hardening Kubernetes following cloud infrastructure cyber attacks

Supply chain risks, malicious attacks, and insider threats are the main causes of concern

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a new report to help systems administrators harden their Kubernetes environments and know the risks to such infrastructure.

Kubernetes clusters are often deployed in public and private clouds, as they provide several flexibility and security benefits compared to traditional, monolithic software platforms. However, they are at risk from hackers looking to steal data. 

According to the report, the three most common sources of compromise in Kubernetes are supply chain risks, malicious threat actors, and insider threats.

"Kubernetes is commonly targeted for three reasons: data theft, computational power theft, or denial of service," the agencies said in a joint announcement.

"Data theft is traditionally the primary motivation; however, cyber actors may attempt to use Kubernetes to harness a network's underlying infrastructure for computational power for purposes such as cryptocurrency mining."

The report recommended IT administrators scan containers and pods for vulnerabilities or misconfigurations, run containers and pods with the least privileges possible, and use network separation to control the damage a compromise can cause. 

The report also urged administrators to use firewalls to limit unneeded network connectivity, encryption to protect confidentiality, and strong authentication and authorization to limit user and administrator access and limit the attack surface. 

Administrators should also use log auditing to monitor activity and be alerted to potential malicious activity. The guidance also suggested that administrators periodically review all Kubernetes settings and “use vulnerability scans to help ensure risks are appropriately accounted for and security patches are applied.”

The advisory also went into more detail about particular threats. It said that with supply chain risks, an adversary may subvert any element that makes up a system, including product components, services, or personnel that help supply the end product.

"The security of applications running in Kubernetes and their third-party dependencies relies on the trustworthiness of the developers and the defense of the development infrastructure. A malicious container or application from a third party could provide cyber actors with a foothold in the cluster," said the advisory.

The advisory also warned that Kubernetes architecture exposes several APIs that cyber actors could potentially leverage for remote exploitation. The Kubernetes control plane has a variety of components that communicate to track and manage the cluster. “Cyber actors frequently take advantage of exposed control plane components lacking appropriate access controls,” the report said.
