Kubernetes has been evolving at a rapid pace. CISOs need to learn about emerging trends and developments in the space and the measures they can take to secure it from potential attacks.
According to a report from Aqua Security's Nautilus research team, 2020 saw an increase in cyber-attacks targeting cloud-native supply chains and infrastructure. The report provides insights into the security threats these platforms face, including fileless malware in containers, the exploitation of misconfigured Docker API ports and the use of relatively unsophisticated container images. However, this lack of sophistication did not prevent the attacks from succeeding. This shows that there are still common security oversights that enterprises need to address to prevent bad actors from exploiting them.
To date, the most common goal of threat actors has been to use compute cycles for crypto mining. But a shift in this trajectory is being observed: as more businesses adopt containers, the stakes will increase and more sophisticated attacks will follow. CISOs must therefore prepare to address these concerns effectively in 2021, as they may witness a large number of novel and sophisticated cyber-attacks.
Bad Actors focusing on exploiting misconfigured Docker API ports
2020 witnessed the emergence of attacks on misconfigured Docker API ports. This method involved deploying and running malicious images that contained malware built to evade static scanning. Furthermore, because the malware was only active at runtime, both packers and downloaders were able to evade static scanning, posing an even greater threat to the cybersecurity of an enterprise. Therefore, CISOs need to be aware of all possible threats that could compromise their infrastructure and working mechanisms. They must also use containers for developing applications as part of their digital transformation process.
With the rapid acceleration of digital transformation efforts, many enterprises have not been able to build a secure infrastructure that can tackle or mitigate the effects of cyber-attacks. Cyber-attackers are focusing more on breaching enterprise Kubernetes deployments and are becoming more sophisticated in their targeting.
Though bad actors exploited unprotected Kubernetes clusters, they primarily focused their efforts on a few common security oversights. As the deployment of Kubernetes has increased, the landscape of common security threats has changed too.
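A defensive check for the misconfiguration described above, as an added example that is not part of the original article or the report it cites: it reads a Docker daemon.json and flags TCP API listeners that do not require client certificates. It assumes the listeners are set in daemon.json rather than on the dockerd command line; the sample configurations and the function name are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample configs for illustration; not taken from the article.
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
LOCAL_ONLY = '{"hosts": ["tcp://127.0.0.1:2375"]}'
HARDENED = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""


def audit_daemon_config(text):
    """Return (listener, severity) pairs for TCP API listeners that accept
    clients without certificate verification."""
    cfg = json.loads(text)
    # "tlsverify": true makes the daemon require a client certificate
    # signed by the configured CA before it serves any API request.
    if cfg.get("tlsverify") is True:
        return []
    findings = []
    for listener in cfg.get("hosts", []):
        url = urlsplit(listener)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// sockets are not network ports
        # A missing address is treated as exposed (conservative assumption).
        exposed = url.hostname not in LOOPBACK
        findings.append((listener, "HIGH" if exposed else "MEDIUM"))
    return findings


if __name__ == "__main__":
    samples = (("weak", WEAK), ("local", LOCAL_ONLY), ("hardened", HARDENED))
    for name, sample in samples:
        print(name, audit_daemon_config(sample))
```

A loopback-only listener is still reported, at lower severity, because any local process can reach it without authenticating.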
When asked about what steps CISOs can take to secure their deployment of Kubernetes, Niraj Tolia, President and GM at Kasten, stated, “I think at the end of the day it is a multi-pronged approach. Particularly when talking about CISOs benchmarks that make sure the cluster is relatively locked down. Things like open source come out of the box with more locked down policies which are always good. But really, it’s a layered security approach where you look at your data, you look at your network, you look at your application interfaces, including Kubernetes. It is the application of these that will help you.”
The Kubernetes landscape is changing at a rapid pace. Even though the number of Kubernetes distributions has expanded in recent years, it is expected to shrink as enterprises gravitate towards cloud-based Kubernetes offerings. Therefore, CISOs should collaborate with their counterparts to understand the various needs of Kubernetes and keep pace with the trends that emerge in this continuously evolving space.