Attivo Networks Blogs

Kubernetes security: 4 areas to focus on


Security experts widely agree on a prediction for Kubernetes in 2019 and beyond: As adoption increases, so will the risks – as has been the case for many enterprise technologies, such as mobile.

“The highly dynamic nature of container environments orchestrated by Kubernetes presents a number of specific security challenges that are only going to become more prominent as enterprise adoption increases,” says Gary Duan, CTO and co-founder of NeuVector.

As Kubernetes’ star rises, it becomes a more interesting target for bad guys.

“The rapid rise in adoption of Kubernetes is likely to uncover gaps that previously went unnoticed on the one hand, and on the other hand gain more attention from bad actors due to a higher profile,” says Amir Jerbi, CTO at Aqua Security.

One such notable gap came to light in late 2018: CVE-2018-1002105, a privilege escalation vulnerability.

In a blog post, Ashesh Badani, vice president and general manager, OpenShift, Red Hat, put the issue in plain terms: “This is a big deal.”

“The privilege escalation flaw makes it possible for any user to gain full administrator privileges on any compute node being run in a Kubernetes cluster,” Badani explained. “Not only can this actor steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization’s firewall.”

OpenShift quickly released updates to address the issue, as did the underlying Kubernetes project. “This”, as Mike Bursell, Chief Security Architect at Red Hat points out, “is one of the benefits of deploying a product with both an active community and commercial support. The response to the problem was very swift, and the community is working to improve the security of the project as a whole.”

“CVE-2018-1002105 served as a warning shot to the DevOps and IT security world that unsecured Kubernetes clusters can and will be targeted and exploited,” Duan says.

Experts point to several overlapping categories of issues that deserve focus moving forward. These include:

1. Application and environment misconfigurations

A misconfiguration can mean a vulnerable container, which can then give an attacker greater access within that container’s environment, as well as creating other potential risks.

“Application misconfigurations or vulnerabilities can leave Kubernetes containers running in pods exposed to compromise, allowing attackers to then probe the environment for further weaknesses,” Duan says. “Attackers will then seek to establish unauthorized connections between pods to disrupt applications or gain access to sensitive data.”

Misconfigurations – which in some cases may be a matter of simply not paying attention to configurations – will be a considerable source of risk as more organizations deploy containerized applications to production environments, according to Chris Roberts, an advisor at Attivo Networks.

“How many of the installations out there are still relying upon defaults? How many have weak configurations, interconnects, and/or rely upon code bases that are not well-validated, understood, or tested/supported?” Roberts asks. “Arguably, the lack of well-configured environments that are not being monitored or protected will have a huge impact on the number of vulnerabilities in 2019.”

2. Container-level issues

Whether the result of misconfiguration or other issues – including poor security hygiene in general – one vulnerable container can lead to bigger problems, as Marc Feghali, founder and VP of product management at Attivo Networks, explains.

“If attackers compromise a container, they can attempt to escalate privileges to take control of additional containers or the entire cluster,” Feghali says. “If attackers compromise a privileged container or steal credentials with privileges to manage the Kubernetes cluster, they can cause a great deal of damage by accessing the cluster and any data traffic between containers. This can lead to data theft or resource-hijacking.”
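As an added illustration of sections 1 and 2 (not code from the article or from any vendor quoted in it), the following Python sketch audits pod specifications for privileged containers and for settings left at their defaults. The sample pod list is constructed, in the shape of `kubectl get pods -A -o json` output, and the function names `audit_pod` and `audit` are hypothetical.

```python
import json

# Constructed sample in the shape of `kubectl get pods -A -o json` output.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"namespace": "default", "name": "web"},
  "spec": {"containers": [{"name": "nginx", "image": "nginx:1.25"}]}},
 {"metadata": {"namespace": "ops", "name": "agent"},
  "spec": {"hostNetwork": true, "automountServiceAccountToken": false,
   "containers": [{"name": "agent", "image": "example/agent:1.0",
    "securityContext": {"privileged": true}}]}},
 {"metadata": {"namespace": "shop", "name": "api"},
  "spec": {"serviceAccountName": "api-sa",
   "containers": [{"name": "api", "image": "example/api:2.1",
    "securityContext": {"runAsNonRoot": true,
     "allowPrivilegeEscalation": false}}]}}]}""")

def audit_pod(pod):
    """Return a list of findings for one pod object."""
    spec, findings = pod.get("spec", {}), []
    pod_sc = spec.get("securityContext") or {}
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            findings.append(f"pod shares host namespace: {flag}")
    # Unset fields mean the "default" service account with its token mounted
    # (simplification: the ServiceAccount object can also disable automount).
    if (spec.get("serviceAccountName", "default") == "default"
            and spec.get("automountServiceAccountToken", True)):
        findings.append("default service account token is mounted")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"{c['name']}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{c['name']}: allowPrivilegeEscalation not disabled")
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")):
            findings.append(f"{c['name']}: may run as root")
    return findings

def audit(pod_list):
    """Map 'namespace/name' to findings, omitting pods with none."""
    report = {}
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        if found := audit_pod(pod):
            report[f"{meta['namespace']}/{meta['name']}"] = found
    return report

if __name__ == "__main__":
    for name, found in audit(SAMPLE).items():
        print(name, *found, sep="\n  - ")
```

The pod that sets nothing explicitly is flagged as often as the privileged one, which is the "relying upon defaults" problem Roberts describes.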

