Many Kubernetes clusters exposed and unprotected

By Dylan Bushell-Embling
Monday, 14 August, 2023

Enterprises are potentially exposing themselves to attack by maintaining openly accessible and unprotected Kubernetes clusters, according to cloud native security company Aqua Security.

A three-month investigation by the company’s research team Aqua Nautilus uncovered Kubernetes clusters belonging to more than 350 organisations, open-source projects and individuals that were freely accessible over the internet.

Some of these clusters were connected to major companies including members of the Fortune 500. At least 60% of these clusters were already breached and had an active campaign with deployed malware and backdoors, the research found.

The exposures were down to just two misconfigurations, Nautilus said, including a well-known misconfiguration that allows anonymous access with privileges. The second, less well-known issue involved a misconfiguration of a proxy which unknowingly exposed the Kubernetes cluster to the internet.

Aqua Nautilus lead threat intelligence analyst Assaf Morag said the findings highlight how known and unknown misconfigurations can have catastrophic consequences.

“In the wrong hands, access to a company’s Kubernetes cluster could be business ending. Proprietary code, intellectual property, customer data, financial records, access credentials and encryption keys are among the many sensitive assets at risk,” he said.

“As Kubernetes has gained immense popularity among businesses in recent years due to its undeniable prowess in orchestrating and managing containerised applications, organisations are entrusting highly sensitive information and tokens in their clusters. This research is a wake-up call about the importance of Kubernetes security.”

Image credit: iStock.com/LuckyStep48