US CISA and NSA released new guidance that provides recommendations to harden Kubernetes deployments.
Kubernetes is an open-source container-orchestration system for automating computer application deployment, scaling, and management. In recent months the number of cyberattacks against misconfigured Kybernetes systems has surged, threat actors mainly used the to illegally mine cryptocurrencies.
The guidance details the security challenges associated with setting up and securing a Kubernetes cluster. The advisory also includes recommendations to harden the installs and to properly configure them.
It guides system administrators and developers of National Security Systems on how to deploy Kubernetes with example configurations for the recommended hardening measures and mitigations.
Below is the list of mitigations provided by the US agencies:
The guidance states that the three common sources of compromise in Kubernetes are supply chain risks, malicious threat actors, and insider threats.
“Supply chain risks are often challenging to mitigate and can arise in the container build cycle or infrastructure acquisition. Malicious threat actors can exploit vulnerabilities and misconfigurations in components of the Kubernetes architecture, such as the control plane, worker nodes, or containerized applications. Insider threats can be administrators, users, or cloud service providers. Insiders with special access to an organization’s Kubernetes infrastructure may be able to abuse these privileges.” states the guidance.
(SecurityAffairs – hacking, LockBit 2.0)