Kubernetes' market share continues to grow as organizations increase their use of containerized software and adopt cloud architectures. According to a Cloud Native Computing Foundation (CNCF) survey, Kubernetes use rose from 58% in 2018 to 91% in 2020.
However, along with rapid growth, Kubernetes has already experienced a fair share of cyberattacks, with six major ones last year alone (CVE-2020-14386, CVE-2020-2121, CVE-2020-8558, CVE-2020-8559, CVE-2020-10749, and CVE-2020-8557). This trend will most likely continue or even accelerate. As more Kubernetes clusters are put into production, bad actors will be motivated to find more security holes.
Kubernetes containers often have loose security settings, sometimes by default, that hackers can leverage to execute a cyberattack. Lightspin inspected where our clients use "privilege" mode, which provides almost unrestricted access to resources on the host system; "privilege escalations," where processes are given expanded privileges; and "run as root," which allows unrestricted container management. Three-quarters of the companies surveyed matched one or more of the issues, and the average percentage of pods affected was nearly 25%. These permissions are often used for development purposes but present an unacceptable level of risk when containers are put into production.
Why Kubernetes Is an Easy Target
Some increases in attacks targeting Kubernetes are due to new trends in development environments. With the move to break systems down into smaller functions, many IT teams are developing microservices that each require authentication and access control and thereby open a new attack surface. Microservices tend to be highly volatile, with the ability to move and pop in and out, making it hard to defend all their respective entry points from hackers.
Cloud environments are becoming more complex, consisting of thousands of cloud assets from multiple vendors. Often, there is confusion about the borders of security between internal organizations and cloud vendors. Gartner research indicates that about 95% of cloud security breaches through 2022 will come from customer errors fueled by misconfigurations, myths, and misunderstandings. According to our internal research, it can take 270 days on average for organizations to even notice they have a misconfiguration issue gumming up their security. That gives hackers plenty of time to access systems and files and collect proprietary and confidential data.
Kubernetes ecosystems are often constructed from various third-party open source components, making it difficult to enforce standard implementations that include proper configurations and security authorizations. This lack of control is aggravated by an emphasis on speeding product delivery. DevOps deployments often race ahead of security, introducing new functions or services that are unprotected and increasing the attack surface.
Guidelines to Protect Against Vulnerabilities
Kubernetes comes with security controls that need to be customized for each organization and its risks. Since the programming environment is highly volatile, the process needs to be updated constantly. Here are some general guidelines to consider:
The best strategy is to focus on the attack paths that threaten the most vulnerable and valuable assets. Security systems that monitor traffic for anomalies can create an excessive number of alerts that take up valuable time. But by focusing on the assets you want to protect and protecting the cloud from the inside out, you can home in on the most urgent threats.
The race to innovate faster in our online digital economy is creating more attack surfaces that introduce a higher risk of data breaches. Having full visibility into all Kubernetes components, minimizing access to assets, and focusing on the attack path can secure environments while making the best use of security personnel. Understanding each threat's context is the best way to assess priorities and take action to protect sensitive data and prevent data breaches.Or Azarzar is the Co-Founder and CTO of Lightspin, leading the company's development, security research, and engineering operations. As an innovative security product builder, he is a thought leader in the area of defensive and offensive product research and development. ... View Full Bio