A couple of high-profile container breaches have shown that lax security can be a real gold mine for hackers.
Tesla’s breach, for starters, began with a Kubernetes misconfiguration: the team left the admin console control panel open without a password.
“There are a lot of hackers who get in, then deploy crypto-mining tools. They’re basically using Tesla’s resources to mine for coins,” says Kashif Zaidi, principal consultant at Aqua Security. In a Jenkins breach, a misconfig was money in the bank. “They made three million dollars, then those guys could afford to buy a Tesla.”
At a recent meetup hosted by Nebulaworks, Zaidi discussed these notable crypto-jacking breaches involving container technologies, along with the general vulnerabilities of a container environment. The Docker Hub breach followed a similar pattern. Hackers found images that had backdoor access, so when people deployed those images the hackers were notified; they could then log on and deploy crypto-mining tools.
“These are major examples, but if you Google container breaches you’ll find there are so many examples of people getting hacked, and they’re all pretty much doing crypto mining tools,” Zaidi says. “It’s easy and it is really untraceable. The coin goes somewhere and someone makes money.”
Security is best introduced at build time, he says. “The best practice is to integrate with your CI/CD to introduce security early on.” That way you’ll avoid having to drop everything to fix it later.
What’s another way to avoid becoming the next cash cow for hackers? Monitor, monitor, monitor. A survey found that 92 percent of IT and security professionals reported concerns about security risks due to misconfiguration. Despite that, fewer than a third continuously monitor for misconfiguration. And while 82 percent reported security and compliance incidents due to cloud infrastructure misconfiguration, few companies have automated remediation processes that can prevent them.
Tools you can use
Zaidi says that kube-bench, a Go application developed by Aqua and available on GitHub, can help change that. The application checks whether Kubernetes is deployed according to security best practices. It runs the checks documented in the CIS Kubernetes Benchmark, and its tests are configured with YAML files, making them easy to update as the benchmark’s test specifications evolve.
MicroScanner is another tool Aqua developed and made available on GitHub; it checks your container images for vulnerabilities. If an image has any known high-severity issue, MicroScanner can fail the image build, making it easy to include as a step in your CI/CD pipeline.
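Zaidi’s build-time advice boils down to a policy gate in the pipeline: the benchmark and scanner produce reports, and a small script turns them into a pass/fail decision. The script below is an added illustration, not code from Aqua, kube-bench or MicroScanner; it reads a constructed kube-bench-style JSON report and a constructed image-scan result (field names are assumptions, trimmed to what the gate needs, and the CVE ids are placeholders) and exits non-zero when any CIS check has FAILed or any finding meets the severity threshold.

```python
import json
import sys
from typing import List, Tuple

# Constructed sample shaped like kube-bench --json output (field names assumed).
KUBE_BENCH_JSON = """{"Controls": [{"id": "1", "tests": [{"section": "1.1", "results": [
  {"test_number": "1.1.1", "test_desc": "Ensure that the --anonymous-auth argument is set to false", "status": "FAIL"},
  {"test_number": "1.1.2", "test_desc": "Ensure that the --basic-auth-file argument is not set", "status": "PASS"},
  {"test_number": "1.1.3", "test_desc": "Ensure that the --insecure-allow-any-token argument is not set", "status": "WARN"}]}]}]}"""

# Constructed sample image-scan result; the CVE ids are placeholders, not real ones.
SCAN_JSON = """{"resources": [{"resource": {"name": "openssl", "version": "1.0.1"},
  "vulnerabilities": [{"name": "CVE-0000-EXAMPLE", "severity": "high"},
                      {"name": "CVE-0000-EXAMPLE-2", "severity": "medium"}]}]}"""

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

def benchmark_failures(report_json: str) -> List[Tuple[str, str]]:
    """Return (test_number, description) for every CIS check whose status is FAIL.
    WARN results (checks needing manual review) are reported but do not block here."""
    failed = []
    for control in json.loads(report_json).get("Controls", []):
        for test in control.get("tests", []):
            for result in test.get("results", []):
                if result.get("status") == "FAIL":
                    failed.append((result["test_number"], result["test_desc"]))
    return failed

def severe_vulnerabilities(scan_json: str, threshold: str = "high") -> List[Tuple[str, str, str]]:
    """Return (package, cve, severity) for every finding at or above the threshold."""
    floor = SEVERITY_RANK[threshold]
    hits = []
    for entry in json.loads(scan_json).get("resources", []):
        pkg = entry["resource"]["name"]
        for vuln in entry.get("vulnerabilities", []):
            sev = vuln.get("severity", "low").lower()
            if SEVERITY_RANK.get(sev, 0) >= floor:
                hits.append((pkg, vuln["name"], sev))
    return hits

def gate(bench_json: str, scan_json: str, threshold: str = "high") -> Tuple[bool, List[str]]:
    """Combine both reports into one pass/fail decision plus the reasons for failing."""
    reasons = [f"CIS {num} FAIL: {desc}" for num, desc in benchmark_failures(bench_json)]
    reasons += [f"{pkg} {cve} ({sev})" for pkg, cve, sev in severe_vulnerabilities(scan_json, threshold)]
    return (not reasons, reasons)

if __name__ == "__main__":
    ok, reasons = gate(KUBE_BENCH_JSON, SCAN_JSON)
    print("\n".join(reasons) or "gate passed")
    sys.exit(0 if ok else 1)  # a non-zero exit code fails the CI stage
```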
Catch the whole hour-long presentation below.
Cover photo // CC BY NC