
This misconfiguration security flaw has been hiding in plain sight

More than 350 parties are affected, including some of the biggest US companies.

Francis Scialabba


Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

A popular business tool for running applications in contained environments could unwittingly become your organization’s Achilles heel, according to new research from cloud protection firm Aqua Security.

Misconfigured Kubernetes clusters—commonly used to consolidate “source code, cloud accounts, and secrets into a single hub”—have allowed bad actors “anonymous access with privileges” and “unknowingly exposed the Kubernetes cluster to the internet,” Aqua’s Nautilus research team said on August 8.

After a three-month investigation, Nautilus reported that “60% of the clusters were actively under attack by cryptominers,” as well as by the Silentbob campaign, a TeamTNT botnet that routinely scans the web for new targets to infect with malware.

The weakness is widespread and affects more than 350 entities, including open-source projects and Fortune 500 companies across industries like finance, transportation, and security, according to the Aqua blog post. Three out of five “were breached and had an active campaign that deployed malware and backdoors,” the Nautilus team wrote.

“In the wrong hands, access to a company’s Kubernetes cluster could be business-ending. Proprietary code, intellectual property, customer data, financial records, access credentials, and encryption keys are among the many sensitive assets at risk,” Assaf Morag, lead threat intelligence analyst at Aqua Nautilus, said in a statement.

When Aqua researchers informed the compromised organizations about the vulnerabilities, the information was initially met with a shrug, Morag said. He noted that many companies overlooked the importance of shoring up their clusters because they considered them “just staging or testing environments.”

“We were amazed that the initial response was indifference,” he said. “However, once we showed them the full potential of an attack from an attacker’s perspective and the potential devastating impact on their organizations, they were all shocked and immediately resolved the issue. There is a clear lack of understanding and awareness regarding misconfiguration risks and their impact.”

Aqua suggested that other companies use the discovery to spur their own security checkups. The firm listed best practices including using built-in Kubernetes features to “limit privileges and enforce policies that bolster security,” as well as routinely taking stock of work environments with an eye toward abnormalities. Open-source tools and Aqua’s own platform can also help monitor for the threats, the company said.
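One concrete form of the "limit privileges" check Aqua recommends, added here as an example and not code from Aqua or the article: a small Python audit over the JSON that `kubectl get clusterrolebindings,rolebindings -A -o json` returns, flagging any RBAC binding that hands a role to `system:anonymous` or `system:unauthenticated` (the "anonymous access with privileges" the research describes) and, at lower severity, broad roles granted to every authenticated caller. The `DEFAULT_BINDINGS` allow-list and the sample items are assumptions constructed for the example.

```python
"""Audit Kubernetes (Cluster)RoleBindings for privileges granted to anonymous
or unauthenticated callers. Input is the `items` list from
`kubectl get clusterrolebindings,rolebindings -A -o json`."""
import json

# A request carrying no valid credential is authorized as these subjects
# (the API server accepts anonymous requests by default; RBAC bindings decide
# what, if anything, they may do).
ANONYMOUS_SUBJECTS = {("User", "system:anonymous"), ("Group", "system:unauthenticated")}
# Every caller with any valid credential, including every service account.
BROAD_SUBJECTS = {("Group", "system:authenticated")}
HIGH_PRIVILEGE_ROLES = {"cluster-admin", "admin", "edit"}
# Binding Kubernetes ships by default; it exposes only /healthz, /version, etc.
DEFAULT_BINDINGS = {"system:public-info-viewer"}

def audit_bindings(items):
    """Return findings as (binding, namespace, role, subject, severity) tuples."""
    findings = []
    for binding in items:
        name = binding["metadata"]["name"]
        if name in DEFAULT_BINDINGS:
            continue
        namespace = binding["metadata"].get("namespace", "<cluster-wide>")
        role = binding.get("roleRef", {}).get("name", "")
        for subject in binding.get("subjects") or []:
            key = (subject.get("kind"), subject.get("name"))
            if key in ANONYMOUS_SUBJECTS:
                findings.append((name, namespace, role, key[1], "HIGH"))
            elif key in BROAD_SUBJECTS and role in HIGH_PRIVILEGE_ROLES:
                findings.append((name, namespace, role, key[1], "MEDIUM"))
    return findings

# Constructed sample in the shape of kubectl's JSON output (not real cluster data).
SAMPLE_ITEMS = json.loads("""[
 {"kind":"ClusterRoleBinding","metadata":{"name":"system:public-info-viewer"},
  "roleRef":{"kind":"ClusterRole","name":"system:public-info-viewer"},
  "subjects":[{"kind":"Group","name":"system:unauthenticated"}]},
 {"kind":"ClusterRoleBinding","metadata":{"name":"debug-anyone"},
  "roleRef":{"kind":"ClusterRole","name":"cluster-admin"},
  "subjects":[{"kind":"User","name":"system:anonymous"}]},
 {"kind":"RoleBinding","metadata":{"name":"staging-edit","namespace":"staging"},
  "roleRef":{"kind":"ClusterRole","name":"edit"},
  "subjects":[{"kind":"Group","name":"system:authenticated"}]},
 {"kind":"RoleBinding","metadata":{"name":"ci-deployer","namespace":"staging"},
  "roleRef":{"kind":"ClusterRole","name":"edit"},
  "subjects":[{"kind":"ServiceAccount","name":"ci","namespace":"staging"}]}
]""")

if __name__ == "__main__":
    for f in audit_bindings(SAMPLE_ITEMS):
        print("%-6s %s/%s grants %s to %s" % (f[4], f[1], f[0], f[2], f[3]))
```

Run it against real output by replacing `SAMPLE_ITEMS` with `json.load(open("bindings.json"))["items"]`; the staging cluster in the sample is exactly the "just testing" environment the article says companies tend to overlook.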

“There is clearly a gap in security knowledge and management of Kubernetes,” Morag said. “These findings underscore the extensive damage that can result if vulnerabilities are not properly addressed.”

