The NSA recently released guidance on Kubernetes to help organizations deploy the open-source platform without exposing it to hackers seeking to steal data and processing power. Organizations use Kubernetes to manage containerized applications. The guidance is a joint publication co-authored by the DHS’s Cybersecurity and Infrastructure Security Agency, with the goal of minimizing risk and making users aware of key threats and configurations. The publication states that Kubernetes is often targeted for three reasons: data theft, denial of service, and computational power theft.
Although data theft is typically the primary motivation observed in attacks targeting Kubernetes, the agencies state that malicious actors may also be attempting to gain computational power for other tasks such as cryptocurrency mining. A crypto-mining campaign was recently revealed in which attackers used misconfigured Kubernetes deployments to drop miners on enterprise hardware. Although the guidance wasn’t out of the ordinary for the agencies, the report offers a valuable, in-depth analysis of applying standard security mitigations to secure the platform. These include running containers and pods with the least privileges possible, using network separation and firewalls, deploying strong authentication, and actively scanning containers and pods for vulnerabilities or misconfigurations.
Read the Full Report: Kubernetes Hardening Guidance