New guidance from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) provides information on the steps that administrators can take to minimize risks associated with Kubernetes deployments.
An open source container orchestration system for deploying and managing applications in containers, Kubernetes is often deployed in cloud environments. Improperly configured Kybernetes systems, however, may expose the applications to various types of attacks, including data theft, cryptomining, and denial-of-service (DoS) attacks.
Kubernetes systems are mainly compromised through the supply chain, by malicious threat actors, or insider threats, the new CISA and NSA advisory titled Kubernetes Hardening Guidance notes.
The advisory details the security challenges associated with deploying and securing Kubernetes clusters, while also sharing hardening strategies that administrators and developers can apply to avoid common misconfigurations and improve the security of their deployments.
Aimed at Department of Defense, Defense Industrial Base, and National Security Systems employees, the guidance is applicable in the private sector as well.
Recommended mitigations, the two agencies say, include scanning containers and Pods for vulnerabilities, running them with the least privileges possible, using network separation, deploying firewalls and encryption, employing strong authentication and authorization to limit the attack surface, auditing logs to identify suspicious activity, and periodically reviewing settings to identify risks.
CISA and NSA recommend that administrators follow the provided guidance and keep their systems updated at all times, to further minimize risks. Periodically performing settings and vulnerability scans should also help identify and mitigate risks.
Related: Threat Actors Target Kubernetes Clusters via Argo Workflows
Related: Kubeflow Deployments Targeted in New Crypto-mining Campaign
More from Ionut Arghire
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- Latitude Financial Services Data Breach Impacts 300,000 Customers
- US Government Warns Organizations of LockBit 3.0 Ransomware Attacks
- New ‘Trigona’ Ransomware Targets US, Europe, Australia
- New Espionage Group ‘YoroTrooper’ Targeting Entities in European, CIS Countries
- CISA Seeks Public Opinion on Cloud Application Security Guidance
Latest News
- Aembit Scores $16.6M Seed Funding for Workload IAM Technology
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- New York Man Arrested for Running BreachForums Cybercrime Website
- Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder
