Malware and backdoors have been deployed in attacks affecting many Fortune 500 companies.
Aqua Security, the pioneer in cloud native security, today announced the results of a three-month-long investigation by its research team, Aqua Nautilus, which uncovered that Kubernetes clusters belonging to more than 350 organisations, open-source projects and individuals were openly accessible and unprotected.
A notable subset of the clusters belonged to vast conglomerates and Fortune 500 companies. At least 60% of these clusters had been breached and were hosting an active campaign, with malware and backdoors already deployed.
The exposures were due to two misconfigurations, emphasising how known and unknown misconfigurations are actively exploited in the wild and can be catastrophic.
“In the wrong hands, access to a company’s Kubernetes cluster could be business ending. Proprietary code, intellectual property, customer data, financial records, access credentials and encryption keys are among the many sensitive assets at risk,” said Assaf Morag, lead threat intelligence analyst at Aqua Nautilus.
“As Kubernetes has gained immense popularity among businesses in recent years due to its undeniable prowess in orchestrating and managing containerised applications, organisations are entrusting highly sensitive information and tokens in their clusters. This research is a wakeup call about the importance of Kubernetes security.”
In the research, Nautilus highlights a well-known misconfiguration in which anonymous (unauthenticated) requests to the API server are granted privileges. The second, less well known, issue was the ‘kubectl proxy’ command being run with flags that, unbeknown to the operator, exposed the Kubernetes cluster to the internet.
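As an added, runnable illustration of the two misconfigurations (example code written for this page, not Aqua Nautilus tooling), the Python below audits ClusterRoleBinding objects for roles handed to the unauthenticated identities and lints a ‘kubectl proxy’ command line for flags that would let non-local clients reach the API. The sample bindings and command lines are constructed. Modelling the first case as a binding to ‘system:anonymous’ or ‘system:unauthenticated’, and the second as non-default values of the real ‘--address’ and ‘--accept-hosts’ flags, is this example's reading of the research; the article itself does not name the exact flags or subjects.

```python
"""Offline checks for the two Kubernetes exposures described above.

Added example, not Aqua Nautilus code. Assumptions (labelled): the "anonymous
access with privileges" case is modelled as an RBAC binding whose subject is the
built-in user ``system:anonymous`` or group ``system:unauthenticated``; the
"kubectl proxy" case is modelled on the real ``--address`` and ``--accept-hosts``
flags and their documented loopback-only defaults.
"""
import re
import shlex

# Built-in identities Kubernetes assigns to requests with no valid credentials.
ANONYMOUS_SUBJECTS = {("User", "system:anonymous"), ("Group", "system:unauthenticated")}

# kubectl proxy defaults (see `kubectl proxy --help`): listen on loopback and only
# accept requests whose Host header names the local machine.
DEFAULT_ADDRESS = "127.0.0.1"
DEFAULT_ACCEPT_HOSTS = r"^localhost$,^127\.0\.0\.1$,^\[::1\]$"
LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}

# Constructed sample, shaped like the .items of
# `kubectl get clusterrolebindings -o json`. The first entry is the dangerous one.
SAMPLE_BINDINGS = [
    {
        "metadata": {"name": "anon-admin"},
        "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
        "subjects": [{"kind": "User", "name": "system:anonymous"}],
    },
    {
        # Default binding present on every cluster; it only exposes /healthz,
        # /version and similar read-only endpoints, so it is allowlisted below.
        "metadata": {"name": "system:public-info-viewer"},
        "roleRef": {"kind": "ClusterRole", "name": "system:public-info-viewer"},
        "subjects": [{"kind": "Group", "name": "system:unauthenticated"}],
    },
    {
        "metadata": {"name": "dev-admin"},
        "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
        "subjects": [{"kind": "User", "name": "alice@example.com"}],
    },
]


def anonymous_grants(bindings, ignore=("system:public-info-viewer",)):
    """Return [(binding name, role name)] for bindings that hand a role to
    unauthenticated callers, skipping bindings named in ``ignore``."""
    hits = []
    for binding in bindings:
        name = binding["metadata"]["name"]
        if name in ignore:
            continue
        for subject in binding.get("subjects") or []:
            if (subject.get("kind"), subject.get("name")) in ANONYMOUS_SUBJECTS:
                hits.append((name, binding["roleRef"]["name"]))
                break
    return hits


def _flag_values(argv):
    """Collect long flags from argv, accepting both --flag=value and --flag value."""
    flags = {}
    i = 0
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("--"):
            if "=" in tok:
                key, value = tok[2:].split("=", 1)
            elif i + 1 < len(argv) and not argv[i + 1].startswith("-"):
                key, value = tok[2:], argv[i + 1]
                i += 1
            else:
                key, value = tok[2:], "true"
            flags[key] = value
        i += 1
    return flags


def _host_allowed(accept_hosts, host):
    """Mimic kubectl's Host-header check: a comma-separated list of regexps."""
    for pattern in accept_hosts.split(","):
        if not pattern:
            continue
        try:
            if re.search(pattern, host):
                return True
        except re.error:
            continue  # kubectl would refuse to start on an invalid regexp
    return False


def proxy_exposure(cmdline, probe_host="attacker.example.com"):
    """Return findings explaining why this `kubectl proxy` invocation would serve
    API requests to non-local clients. An empty list means loopback only."""
    flags = _flag_values(shlex.split(cmdline))
    findings = []
    address = flags.get("address", DEFAULT_ADDRESS)
    if address not in LOOPBACK:
        findings.append(f"--address={address} listens on a non-loopback interface")
    accept_hosts = flags.get("accept-hosts", DEFAULT_ACCEPT_HOSTS)
    if _host_allowed(accept_hosts, probe_host):
        findings.append(f"--accept-hosts={accept_hosts!r} accepts Host: {probe_host}")
    return findings


if __name__ == "__main__":
    print("anonymous grants:", anonymous_grants(SAMPLE_BINDINGS))
    for cmd in ("kubectl proxy",
                "kubectl proxy --address='0.0.0.0' --accept-hosts='^.*$'"):
        print(cmd, "->", proxy_exposure(cmd) or "loopback only")
```

Both checks are deliberately conservative: a listener on 0.0.0.0 is only reachable once a firewall or cloud security group lets the port through, and a permissive ‘--accept-hosts’ matters only together with a non-loopback address, so treat the findings as leads to confirm, not as proof of compromise. In a real audit, feed ‘anonymous_grants’ the live binding list and also review RoleBindings, which the sample omits.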
Impacted hosts included organisations across a variety of sectors, including financial services, aerospace, automotive, industrial and security, among others.
Most concerning were the open source projects and unsuspecting developers who could inadvertently trust and