Almost a Million Misconfigured Kubernetes Instances Exposed, Could Lead to Data Breaches

An analysis from cybersecurity firm Cyble has found over 900,000 Kubernetes (K8s) instances exposed across the internet and thus vulnerable to malicious scans and/or data-exposing cyberattacks.

The researchers clarified that while not all exposed instances are vulnerable to attacks or the loss of sensitive data, these misconfiguration practices might make companies lucrative targets for threat actors (TA) in the future.

For context, Kubernetes is an open-source system designed to automate the deployment, scaling and administration of containerized applications.

K8s relies on a combination of physical and virtual machines to create a uniform application programming interface (API) that ensures there is no downtime in a production environment.

While extremely useful for these reasons, when not properly configured Kubernetes can represent a vulnerability that could lead to data exfiltration and other hacking attempts.

For instance, back in March 2018, Tesla’s cloud was compromised due to insecurely configured Kubernetes clusters, and in June 2020, hackers infiltrated a K8s toolkit to spread cryptocurrency mining malware across multiple clusters.

More recently, security researchers from Apiiro discovered a vulnerability in the open-source continuous delivery platform Argo CD that lets attackers access and exfiltrate sensitive information like passwords and API keys from clusters.

“Online scanners have made it easy for security researchers to find the exposure of assets,” explained the Cyble researchers in an advisory.

“Regardless, at the same time, malicious hackers can also investigate the exposed Kubernetes instance for a particular organization, increasing the risk of attack.”

The Cyble analysis noticed that the United States has the highest exposure count, followed by China and Germany.

Many of the misconfigured clusters spotted by cybersecurity researchers were due to the use of default settings.

“Misconfigurations like utilizing default container names, not having the Kubernetes Dashboard protected by a secure password and leaving default service ports open to the public can place businesses at risk of data leakage.”

To avoid misconfigurations, Cyble said companies should keep Kubernetes updated to the latest version and remove debugging tools from production containers.

Further, individuals with access to the Kubernetes API should have their permissions reviewed thoroughly and on a regular basis, and exposure of critical assets and ports should be limited as much as possible.
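One way to carry out the permissions review recommended above is to check cluster-wide role bindings for grants to anonymous or all-user identities and for full-access roles. The following is an added example, not code from Cyble's advisory; the sample objects and their names are constructed, in the shape `kubectl get clusterroles,clusterrolebindings -o json` returns.

```python
# Constructed sample: the "items" list as returned by
# `kubectl get clusterroles,clusterrolebindings -o json` (names are made up).
SAMPLE_ITEMS = [
    {"kind": "ClusterRole", "metadata": {"name": "ops-all"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "pod-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "debug-open"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:unauthenticated"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-team"},
     "roleRef": {"kind": "ClusterRole", "name": "ops-all"},
     "subjects": [{"kind": "User", "name": "alice@example.com"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "readers"},
     "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ci"},
     "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-bot", "namespace": "ci"}]},
]

# Built-in identities that cover every caller, or every caller without credentials.
BROAD_SUBJECTS = {"system:anonymous", "system:unauthenticated", "system:authenticated"}

def full_access_roles(items):
    """Names of ClusterRoles that allow every verb on every resource."""
    names = {"cluster-admin"}  # built-in superuser role
    for obj in items:
        if obj.get("kind") == "ClusterRole":
            for rule in obj.get("rules") or []:
                if "*" in rule.get("verbs", []) and "*" in rule.get("resources", []):
                    names.add(obj["metadata"]["name"])
    return names

def review_bindings(items):
    """Return (binding, subject, role, severity) for bindings that need review."""
    powerful = full_access_roles(items)
    findings = []
    for obj in items:
        if obj.get("kind") != "ClusterRoleBinding":
            continue
        role = obj["roleRef"]["name"]
        for subj in obj.get("subjects") or []:
            broad = subj.get("name") in BROAD_SUBJECTS
            if broad or role in powerful:
                severity = "critical" if broad and role in powerful else "review"
                findings.append((obj["metadata"]["name"], subj["name"], role, severity))
    return findings
```

On the constructed sample, the binding of `cluster-admin` to `system:unauthenticated` is rated critical, while the full-access grant to a named user and the read-only grant to all authenticated users are listed for review.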

For additional recommendations and technical details, you can access the full text of Cyble’s advisory here.
