NSA and CISA publish guidance on hardening Kubernetes following cloud infrastructure cyber attacks

Supply chain risks, malicious attacks, and insider threats, are the main causes of concern

Kubernetes on a smartphone screen

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a new report to help systems administrators harden their Kubernetes environments and know the risks to such infrastructure.

Kubernetes clusters are often deployed in public and private clouds, as they provide several flexibility and security benefits compared to traditional, monolithic software platforms. However, they are at risk from hackers looking to steal data. 

According to a published report, the three most common compromise sources in Kubernetes are supply chain risks, malicious threat actors, and insider threats. 

"Kubernetes is commonly targeted for three reasons: data theft, computational power theft, or denial of service," the agencies said in a joint announcement

"Data theft is traditionally the primary motivation; however, cyber actors may attempt to use Kubernetes to harness a network's underlying infrastructure for computational power for purposes such as cryptocurrency mining."

The report recommended IT administrators scan containers and pods for vulnerabilities or misconfigurations, run containers and pods with the least privileges possible, and use network separation to control the damage a compromise can cause. 

The report also urged administrators to use firewalls to limit unneeded network connectivity, encryption to protect confidentiality, and strong authentication and authorization to limit user and administrator access and limit the attack surface. 

Related Resource

The Total Economic Impact™ of Mimecast

Cost savings and business benefits enabled by using Mimecast with Microsoft 365

Total economic impact of Mimecast - whitepaper from MimecastDownload now

Administrators should also use log auditing to monitor activity and be alerted to potential malicious activity. The guidance also suggested all Kubernetes settings should be periodically reviewed and “use vulnerability scans to help ensure risks are appropriately accounted for and security patches are applied.”

The advisory also went into more detail about particular threats. It said that with supply chain risks, an adversary may subvert any element that makes up a system, including product components, services, or personnel that help supply the end product.

"The security of applications running in Kubernetes and their third-party dependencies relies on the trustworthiness of the developers and the defense of the development infrastructure. A malicious container or application from a third party could provide cyber actors with a foothold in the cluster," said the advisory.

The advisory also warned that Kubernetes architecture exposes several APIs that cyber actors could potentially leverage for remote exploitation. The Kubernetes control plane has a variety of components that communicate to track and manage the cluster. “Cyber actors frequently take advantage of exposed control plane components lacking appropriate access controls,” the report said.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Russia's "politically motivated" REvil raid could be used as leverage, experts warn
ransomware

Russia's "politically motivated" REvil raid could be used as leverage, experts warn

17 Jan 2022
Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp
phishing

Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp

21 Dec 2021
Five things to consider before choosing an MFA solution
Security

Five things to consider before choosing an MFA solution

17 Dec 2021
Australia and US sign CLOUD Act data-sharing deal to support criminal investigations
cyber crime

Australia and US sign CLOUD Act data-sharing deal to support criminal investigations

16 Dec 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022
Synology DiskStation DS2422+ review: A cube of great capacity
network attached storage (NAS)

Synology DiskStation DS2422+ review: A cube of great capacity

10 Jan 2022