Over 900,000 Kubernetes (K8s) instances have been discovered to be vulnerable to malicious scans and/or data-exposing cyberattacks, according to a report from cybersecurity firm Cyble.
Even though not all exposed instances are vulnerable to attacks or the loss of sensitive data, these misconfiguration practices may make companies attractive targets for threat actors (TAs) in the future, according to researchers.
Open-source Kubernetes is a system designed to automate containerized application deployment, scaling and administration.
There is no downtime in a production environment because K8s uses a combination of physical and virtual machines to create a uniform API.
For all these reasons, Kubernetes is a useful tool, but when it isn’t set up properly, it presents a risk of data exfiltration and other hacking attempts.
The Tesla cloud was breached in March 2018 due to improperly configured Kubernetes clusters, and in June 2020, cryptocurrency mining malware was spread across multiple clusters using a K8s toolkit that was infiltrated by hackers.
The open-source continuous delivery platform Argo CD has recently been found to have a vulnerability that allows attackers to access and exfiltrate sensitive information such as passwords and API keys.
Cyble researchers wrote in an advisory that “online scanners have made it easy for security researchers to find the exposure of assets.
As a result of the exposed Kubernetes instance for a particular organisation, malicious hackers can also conduct an investigation, increasing the risk of attack.”
The Cyble analysis found that the United States had the most exposure, followed by China and Germany.
Due to default settings, many of the clusters spotted by cybersecurity researchers were misconfigured.
Kubernetes Dashboard is vulnerable to data leakage because it is not password protected and the default service ports are open to the public. This puts businesses at risk.
Cyble advised companies to keep Kubernetes up to date and remove debugging tools from production containers in order to avoid misconfigurations.
Additional security measures should be taken to ensure that Kubernetes API access is restricted to those who need it, and that critical assets and ports are protected to the greatest extent possible.
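One way to check a cluster for the exposure described above, as an added example that is not from Cyble's advisory or the original article: it scans Service definitions for a Dashboard or control-plane port published outside the cluster. The sample data is constructed, and matching "dashboard" in the Service name is an assumed heuristic.

```python
import json

# Default ports of control-plane components (Kubernetes defaults).
SENSITIVE_PORTS = {6443: "kube-apiserver", 10250: "kubelet API", 2379: "etcd client"}

# Constructed sample shaped like `kubectl get services -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "kubernetes-dashboard", "name": "kubernetes-dashboard"},
  "spec": {"type": "NodePort", "ports": [{"port": 443, "targetPort": 8443, "nodePort": 30443}]}},
 {"metadata": {"namespace": "default", "name": "kubernetes"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 443, "targetPort": 6443}]}},
 {"metadata": {"namespace": "ops", "name": "api-proxy"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 6443, "targetPort": 6443}]}},
 {"metadata": {"namespace": "ops", "name": "api-internal"},
  "spec": {"type": "LoadBalancer", "loadBalancerSourceRanges": ["10.0.0.0/8"],
           "ports": [{"port": 6443, "targetPort": 6443}]}}
]}
""")


def audit_services(service_list):
    """Return (namespace/name, reason) pairs for Services exposed outside the cluster."""
    findings = []
    for svc in service_list.get("items", []):
        meta, spec = svc["metadata"], svc.get("spec", {})
        if spec.get("type", "ClusterIP") not in ("NodePort", "LoadBalancer"):
            continue  # ClusterIP is reachable only from inside the cluster
        ranges = spec.get("loadBalancerSourceRanges") or []
        if spec["type"] == "LoadBalancer" and ranges and "0.0.0.0/0" not in ranges:
            continue  # access is already limited to the listed source networks
        name = f'{meta["namespace"]}/{meta["name"]}'
        # Assumed heuristic: the Dashboard Service carries "dashboard" in its name.
        if "dashboard" in meta["name"].lower():
            findings.append((name, f'Dashboard exposed via {spec["type"]}'))
        for p in spec.get("ports", []):
            candidates = {x for x in (p.get("port"), p.get("targetPort")) if isinstance(x, int)}
            for port in sorted(candidates):
                if port in SENSITIVE_PORTS:
                    findings.append((name, f"{SENSITIVE_PORTS[port]} port {port} exposed via {spec['type']}"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_services(SAMPLE):
        print(f"[!] {name}: {reason}")
```

A flagged Service is a prompt for review: whether it is actually reachable from the internet also depends on firewall and cloud network rules outside the cluster.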
You can read Cyble’s full advisory here for more recommendations and technical details.
About the Author
Rebecca James is an IT consultant with a forward-thinking approach toward developing IT infrastructures of SMEs. She writes to engage with individuals and raise awareness of digital security, privacy, and better IT infrastructure.