NSA, CISA release Kubernetes hardening guidance

The US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released Kubernetes Hardening Guidance, a 59-page technical report detailing threats to Kubernetes environments.

Kubernetes is a popular open source system that automates the deployment, scaling, and management of applications run in containers, which makes it an attractive target for malicious actors. Over the past few years, numerous attacks have been observed targeting misconfigured Kubernetes installations. For example, earlier this month security researchers at Intezer warned of a new series of attacks targeting Kubernetes (K8s) clusters via misconfigured Argo Workflows instances to deploy cryptomining software.

“Kubernetes is commonly targeted for three reasons: data theft, computational power theft, or denial of service. Data theft is traditionally the primary motivation; however, cyber actors may attempt to use Kubernetes to harness a network’s underlying infrastructure for computational power for purposes such as cryptocurrency mining,” NSA said.

The hardening guidance detailed in the joint technical report is designed to help organizations minimize risks associated with the use of Kubernetes. It provides basic mitigations that companies and organizations can implement to harden their Kubernetes systems. These include the scanning of containers and Pods for vulnerabilities or misconfigurations, running containers and Pods with the least privileges possible, and using network separation, firewalls, strong authentication, and log auditing.

The full Kubernetes Hardening Guidance is available here.
