Kubernetes and cloud-native security threats

Kevin Reed, CISO, Acronis

Kubernetes is the latest disruptive technology in the cloud-native world. In the last decade, microservice architecture has focused on creating agile and reliable small independent services. Further, containers have made microservice architecture successful as they are a natural fit with scalability and portability.

As the number of containers increased and spread over data centers, it became impossible to manage containers in the cloud. Kubernetes has evolved as the de facto container management platform and made it possible for cloud-native microservice applications to run quickly on the cloud.

All major cloud providers offer Kubernetes as a managed service, where you can click a couple of buttons to create a cluster and get started. In addition, it is possible to deploy and manage Kubernetes in on-premises data centers as it is an open-source project.

Kubernetes increases software scalability and availability while optimizing IT costs. It also offers flexibility in multicloud environments. However, Kubernetes is not secure by default — and it comes with various novel security risks.

This article will first discuss the cloud-native attack surface and its challenges. Then we will focus on Kubernetes security events and the latest attacks.

Cloud-native attack surface and challenges

Cloud-native modern architecture is made up of multiple layers, including applications, container orchestrators, and infrastructure. Applications consist of small and portable containers that run with many instances. Orchestrators like Kubernetes manage the container instances and distribute them over the infrastructure.

In the infrastructure layer, there are nodes, networks, and storage from cloud providers. Each layer of this cloud-native architecture creates a novel attack surface for threats. The top five potential challenges concerning attack surfaces are as follows:

1. Misconfiguration and exposures

Cloud infrastructure, Kubernetes, and microservice applications are highly configurable with a broad set of options. A regular day for a cloud-native application operator consists of managing the configurations — a challenging task, since the wrong configuration could make the applications unavailable. Similarly, setting the wrong network policy could expose sensitive database instances to external systems. Therefore, it is critical to have some guardrails for misconfigurations.

2. Unclear security perimeters

Cloud-native applications and containers create an interdependent stack of multiple components. For instance, it is typical to use cloud services, virtual nodes in the data centers, and networks simultaneously. Therefore, defining a security perimeter and protecting it isn’t easy. It requires a well-defined architecture and security concept to protect cloud-native applications running on the cloud.

3. Container security

Containers are small packages with operating systems, application executables, and dependencies. One of these container components might well carry vulnerabilities. It is critical to have scanned and secure container images, considering that they run on the scale of hundreds of instances in a regular Kubernetes cluster.

4. Runtime security

Even if you secure cloud services and scan containers for vulnerabilities, there are threats in the runtime phase. In the runtime phase, applications packaged as containers run on the virtual nodes. It is critical to ensure that applications do not expose data while they run, and that they have limited access to external systems.
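The guardrail idea from the misconfiguration section and the runtime concerns above can both be expressed as a small audit over cluster objects. This is an added example, not the author's or any vendor's tooling; the objects are plain dicts shaped like `kubectl get <kind> -o json` output, the `tier: database` label is an assumed naming convention, and SAMPLE_OBJECTS is constructed for the demonstration.

```python
# Added example (not the author's tooling): a guardrail that flags the
# misconfiguration and runtime risks discussed above; SAMPLE_OBJECTS is constructed.
def check_service(svc):
    """A database Service reachable from outside the cluster is a finding."""
    spec, meta = svc.get("spec", {}), svc["metadata"]
    if spec.get("type") in ("LoadBalancer", "NodePort") and \
            meta.get("labels", {}).get("tier") == "database":
        return [f"Service {meta['name']}: database exposed via {spec['type']}"]
    return []

def check_pod(pod):
    """Runtime settings that widen what a compromised container can reach."""
    name, spec, out = pod["metadata"]["name"], pod.get("spec", {}), []
    if spec.get("hostNetwork"):
        out.append(f"Pod {name}: hostNetwork shares the node's network namespace")
    for c in spec.get("containers", []):
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            out.append(f"Pod {name}/{c['name']}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):  # Kubernetes default is true
            out.append(f"Pod {name}/{c['name']}: allowPrivilegeEscalation not disabled")
        if not sc.get("runAsNonRoot"):
            out.append(f"Pod {name}/{c['name']}: runAsNonRoot not set")
    return out

def check_default_deny(objects):
    """Every namespace running Pods should carry a default-deny ingress policy."""
    ns = lambda o: o["metadata"].get("namespace", "default")
    with_pods = {ns(o) for o in objects if o["kind"] == "Pod"}
    covered = {ns(o) for o in objects if o["kind"] == "NetworkPolicy"
               and o["spec"].get("podSelector") == {}  # empty selector = all pods
               and "Ingress" in o["spec"].get("policyTypes", [])}
    return [f"Namespace {n}: no default-deny ingress NetworkPolicy"
            for n in sorted(with_pods - covered)]

def audit(objects):
    findings = [f for o in objects if o["kind"] == "Service" for f in check_service(o)]
    findings += [f for o in objects if o["kind"] == "Pod" for f in check_pod(o)]
    return findings + check_default_deny(objects)

SAMPLE_OBJECTS = [  # constructed: exposed database, risky pod, clean pod + policy
    {"kind": "Service", "metadata": {"name": "postgres", "namespace": "data",
     "labels": {"tier": "database"}}, "spec": {"type": "LoadBalancer"}},
    {"kind": "Pod", "metadata": {"name": "worker", "namespace": "data"}, "spec": {
     "hostNetwork": True, "containers": [{"name": "app", "securityContext": {"privileged": True}}]}},
    {"kind": "Pod", "metadata": {"name": "api", "namespace": "web"}, "spec": {"containers": [
     {"name": "api", "securityContext": {"runAsNonRoot": True, "allowPrivilegeEscalation": False}}]}},
    {"kind": "NetworkPolicy", "metadata": {"name": "default-deny", "namespace": "web"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
]
```

Running `audit(SAMPLE_OBJECTS)` yields six findings: the exposed database Service, four for the `worker` pod, and the missing default-deny policy in the `data` namespace, while the `api` pod and the `web` namespace come back clean.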

5. Observability

Flexibility and scalability are the main benefits of modern cloud-native applications. However, monitoring distributed applications and creating a holistic observability of the whole stack is a critical requirement. Without observability, it is impossible to know the exact status of applications, Kubernetes clusters, nodes, and infrastructure.

Kubernetes security

Kubernetes is the indisputable leader in container orchestration, and it has a solid place in the future of the cloud. According to the 2021 annual survey of the Cloud Native Computing Foundation (CNCF), 96% of the responding organizations use or plan to use Kubernetes in production.

Nonetheless, it would be a mistake to consider Kubernetes as a safe platform based on its high market share. A 2020 survey by StackRox on Kubernetes security revealed that 90% of respondents had experienced a security incident in their Kubernetes environment in the previous year.

A study on Kubernetes adoption and security done by Red Hat in May 2022 shows that the same problems continue to occur:

  • 94% of the participants experienced at least one security incident in Kubernetes
  • 59% of the participants cited security as their biggest concern about continuing their Kubernetes journey
  • 55% of the participants had to delay an application release because of a Kubernetes security issue

Since the introduction of Kubernetes, its clusters have repeatedly been targeted in significant security incidents such as Siloscape attacks and cryptojacking. Siloscape is obfuscated malware that operates in Windows containers. It opens a backdoor when Kubernetes clusters are poorly configured and gives hackers access. Once hackers can reach Kubernetes clusters, they can run malicious software and access sensitive data, leveraging it into a ransomware attack.

Tesla's Kubernetes clusters were breached through an exposed Kubernetes dashboard and then used for mining cryptocurrencies in a 2018 attack. The latest events in the Kubernetes ecosystem and the surveys above both show that Kubernetes is not secure by default, and that there is a growing need for modern cloud-native approaches and tooling.
