Exploiting Kubernetes – the next frontier of cyber security

Christopher Rogers, technology evangelist at Zerto, a Hewlett Packard Enterprise company, discusses the biggest cyber security challenges to consider around Kubernetes

The adoption of Kubernetes continues to accelerate, with organisations now using it to deploy, scale and manage a wide variety of containerised applications. Its popularity among developers has seen the technology go mainstream and, according to a report from the Cloud Native Computing Foundation, usage is rising “across organisations globally, particularly in large businesses”.

There’s no doubt that the use of Kubernetes is maturing, with more organisations trusting the technology with critical applications and to accelerate application deployment times. For developers, the ability to spin up their own Kubernetes clusters required at a specific point in time has become a ‘no brainer’.

Unfortunately, the rise of Kubernetes has not gone unnoticed by cyber criminals and nation-state adversaries, who are beginning to develop file-less malware to weaponise Kubernetes clusters. This not only opens up the prospect of bad actors attempting to take down entire environments but, in effect, opens a new cyber frontier – from the core to the edge.

The situation at present is analogous to that seen with ransomware targeted at VMs several years ago. While IT teams are becoming aware of the existence of Kubernetes vulnerabilities, unlike ransomware, it hasn’t yet become a topic of discussion among organisational leaders. Yet, the risks are very real with a recent incident pointing to “an imminent campaign of cyber attacks against Kubernetes clusters”, according to reports.

New technologies, familiar problems

At present, it appears cyber criminals are targeting Kubernetes for some familiar and relatively basic reasons, such as exploiting credentials, using compute resources for cryptojacking purposes or shutting infrastructure down in an attempt to extort a ransom.

In the case of credentials exploits, Kubernetes is subject to the same principles of cyber security seen with VMs. For instance, many attacks are successful because organisations either don’t patch correctly, use multi-factor authentication or just fail to implement best practices around credentials.

These avoidable vulnerabilities can be compounded by the inherent flexibility offered by Kubernetes in that IT infrastructure operations professionals sometimes don’t even know that their own developers are spinning up containers. This means they can’t enforce the same best practices that they enforced with their physical servers with their virtual machines, or with their SaaS applications. As a result, history is repeating itself, but on new infrastructure or a new cloud-native application.

Don’t forget, Kubernetes is not inherently insecure, but its security relies on following common sense best practices and rolling more mature data protection policies into its implementation. However, the moment that organisations start trusting Kubernetes to run applications that use critical data, GDPR is automatically relevant and organisations are just as liable for the potential penalties that can follow a breach.

Core to edge vulnerability

The risks don’t end there, however. As organisations exponentially increase the number of endpoints, powered by technologies such as Kubernetes, they introduce more risk to the threat landscape. The problem is that across many sectors, rolling out more endpoints has become a strategic imperative — whether it’s toasters, doorbells or thermostats in the home to any number of industrial endpoints, each has the potential to offer a point of entry for bad actors.

Part of the problem is that Kubernetes exists in something of a ‘wild west’ ecosystem that is yet to see any formal standardisation. For example, there is currently no consensus around what the operating model looks like for a corporate company trying to remain secure when using Kubernetes. Until this develops, organisations need to ensure IT teams and employees alike are supporting the implementation of cyber security best practices.

From standard cyber hygiene to effective data protection, organisations that act now to prevent Kubernetes from being weaponised will be much better placed to enjoy the benefits it offers without introducing new levels of risk. Ensuring application resilience has become a mission-critical component for every modern digital enterprise, with capabilities such as replication and journaling technology enabling users to rewind to a previous checkpoint for low recovery point objectives and high flexibility and availability.

These are crucial considerations because Kubernetes is here to stay. Developers love the platform because it gives them the freedom they need to create, build, and run applications quickly; however, they share custody, as IT admins are responsible for staying in control and taking care of business continuity. Solving the enterprise security challenges of containerised applications will ensure developers can continue to use Kubernetes and containers without the need to change their workflows while guaranteeing data protection and compliance coverage.

Written by Christopher Rogers, technology evangelist at Zerto, a Hewlett Packard Enterprise company

Related:

Myths and misconceptions around Kubernetes — Felix Rosbach, CCISP, product manager at comforte AG, identifies the biggest myths and misconceptions around Kubernetes that leaders need to know.

How securing cloud data saved one business £18,000 — James Hunnybourne, cloud solutions director at Ultima, discusses how businesses can go about properly securing their cloud data and save thousands.

Editor's Choice

Editor's Choice consists of the best articles written by third parties and selected by our editors. You can contact us at timothy.adler at stubbenedge.com