Combat cryptojacking - avoid insecurely configured Kubernetes clusters
Just the other week, Tesla became the latest company to fall victim to this kind of attack. Tesla's Amazon Web Services (AWS) cloud account was compromised and used for cryptocurrency mining. The attackers got in through the company's Kubernetes administration console, which was not password protected.

Alarmingly, hackers are not just stealing sensitive data; they are also using the compute power of insecurely configured Kubernetes clusters to mine cryptocurrency. Aviva and Gemalto have also been targeted by this new 'cryptojacking' trend.

The question, however, is why this trend is becoming so widespread with Kubernetes container clusters on AWS, and, more importantly, what organisations can do to protect themselves from this type of attack.

Why Kubernetes and what impact could this cause?

Undoubtedly, container technologies such as Docker and Kubernetes have brought a number of benefits to developers. With lightweight, portable containers, packaging and running application code is effortless, and by bringing software development and operations together Kubernetes has made huge improvements to developer productivity. However, despite these advantages, there are also a number of limitations. Unfortunately there is a lack of knowledge and governance around Kubernetes in many businesses, which in turn has created gaps in their security.

Kubernetes has a large footprint on AWS: a recent study revealed that 63 percent of Kubernetes stacks run on AWS, which is good news for hackers. This widespread usage, the complex processes involved in managing Kubernetes, and insecure configurations create the perfect opportunity for hackers looking to mine cryptocurrency.

A huge increase in public cloud bills is the obvious result of an attack of this kind, but the impact does not stop there. Holes in Kubernetes security can lead to a multi-stage attack in which a breach compromises sensitive keys, data and machines beyond the cluster itself. In businesses where thousands of containers are administered every week, this unsurprisingly leads to a lot of sleepless nights for IT executives.

How can you keep Kubernetes clusters secure?

There are three key ways that organisations can keep their Kubernetes clusters secure: 

Blindspot detection – Find all your Kubernetes clusters

The first problem that many businesses have is actually finding the Kubernetes clusters running in their AWS estate. The IT team may know about the EC2 servers they have provisioned, but there is a strong possibility that they don't know all of the software running on those servers. Therefore the first stage in ensuring that Kubernetes clusters are secure is to locate them, and using discovery tools is the simplest way to do this.

Assess and harden your container stack

Once an organisation has identified its Kubernetes clusters, the next step is to specify the security policies to enforce so that the clusters and their workloads are kept safe. After this assessment has been made, the container stack needs to be hardened. It is commonplace for Kubernetes installers to default to developer-friendly but insecure configurations, so hardening is especially important. A container stack is made up of a number of layers (the cloud account and its network controls, the host operating system, the Kubernetes control plane and nodes, and the container images and workloads themselves), and each layer needs to be hardened if the stack is to be secure.

Automate monitoring, assessment and remediation

The last stage in securing the Kubernetes stack is automation. By implementing an effective automation solution, businesses can continuously monitor, assess, and remediate container stacks. Automation tools enforce security as code, which is one way of integrating security into the DevOps process. Container stacks are by nature highly dynamic and constantly changing, and automation addresses the challenges of scale and agility that come with this. Automation is essential if all of the Kubernetes security checks are to be carried out, as it would be near impossible to carry them all out manually.
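To make the three steps concrete, here is an added example (written for this edit, not BMC's tooling or code from the original article): a small Python audit that takes a constructed AWS inventory, discovers hosts that run Kubernetes binaries, checks them against a hardening policy and reports what to fix, which is the routine an automated job would repeat on every inventory refresh. The flags checked are real kube-apiserver and kubelet flags with their real defaults; the `Instance` record, the sample inventory and the remediation strings are assumptions for illustration, and the dashboard that let the attackers into Tesla's cluster is not modelled here.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Kubernetes control-plane and node binaries whose presence marks a host as part of a cluster.
K8S_BINARIES = {"kube-apiserver", "kubelet", "kube-controller-manager", "kube-scheduler", "etcd"}
# Well-known listening ports. 8080 is the legacy kube-apiserver "insecure" port: no TLS, no auth
# (the flag existed in the releases current at the time of these incidents; it was disabled in
# Kubernetes 1.20 and removed in 1.24).
K8S_PORTS = {6443: "kube-apiserver", 8080: "kube-apiserver insecure port", 10250: "kubelet", 2379: "etcd"}
ANYWHERE = {"0.0.0.0/0", "::/0"}


@dataclass
class Instance:                      # assumed inventory record, not an AWS API type
    instance_id: str
    processes: List[str]             # command lines, as `ps -o args` on the host would print them
    ingress: Set[Tuple[int, str]]    # (port, source CIDR) pairs from the attached security group


def parse_flags(cmdline: str) -> Tuple[str, Dict[str, str]]:
    """Split '/usr/bin/kube-apiserver --a=b --c' into ('kube-apiserver', {'a': 'b', 'c': 'true'})."""
    parts = cmdline.split()
    binary = parts[0].rsplit("/", 1)[-1]
    flags: Dict[str, str] = {}
    for tok in parts[1:]:
        if tok.startswith("--"):
            key, _, val = tok[2:].partition("=")
            flags[key] = val or "true"
    return binary, flags


def discover(inventory: List[Instance]) -> List[Instance]:
    """Step 1, blindspot detection: any host running a Kubernetes binary is in scope,
    whether or not the team that provisioned the EC2 instance knows it is there."""
    return [inst for inst in inventory
            if any(parse_flags(cmd)[0] in K8S_BINARIES for cmd in inst.processes)]


def exposed(inst: Instance, port: int) -> bool:
    """True if the security group lets the whole internet reach this port."""
    return any(p == port and cidr in ANYWHERE for p, cidr in inst.ingress)


def assess(inst: Instance) -> List[Tuple[str, str, str]]:
    """Step 2, assess against policy. Returns (instance_id, failed check, remediation).
    The defaults used here are the components' own: an absent --anonymous-auth means true
    and an absent --authorization-mode means AlwaysAllow, for both kube-apiserver and kubelet."""
    findings: List[Tuple[str, str, str]] = []

    def fail(check: str, fix: str) -> None:
        findings.append((inst.instance_id, check, fix))

    for cmd in inst.processes:
        binary, flags = parse_flags(cmd)
        if binary not in ("kube-apiserver", "kubelet"):
            continue
        if flags.get("anonymous-auth", "true") == "true":
            fail(f"{binary} accepts anonymous requests", "--anonymous-auth=false")
        mode = flags.get("authorization-mode", "AlwaysAllow")
        if "AlwaysAllow" in mode.split(","):
            fail(f"{binary} authorizes every request ({mode})",
                 "--authorization-mode=Node,RBAC" if binary == "kube-apiserver" else "--authorization-mode=Webhook")
        if binary == "kube-apiserver" and flags.get("insecure-port", "0") != "0":
            fail("kube-apiserver serves an unauthenticated HTTP port", "--insecure-port=0")
    for port, name in K8S_PORTS.items():
        if exposed(inst, port):
            fail(f"{name} (tcp/{port}) reachable from the internet",
                 f"restrict security group ingress on tcp/{port} to admin and VPC CIDRs")
    return findings


def audit(inventory: List[Instance]) -> List[Tuple[str, str, str]]:
    """Step 3, the routine an automated job runs on every inventory refresh."""
    return [f for inst in discover(inventory) for f in assess(inst)]


# Constructed sample inventory (not real AWS data): a plain web host, a cluster built with
# installer defaults and left open to the world, and a hardened control-plane node.
SAMPLE_INVENTORY = [
    Instance("i-web", ["/usr/sbin/nginx -g daemon off;"], {(443, "0.0.0.0/0")}),
    Instance("i-k8s-default",
             ["/usr/bin/kube-apiserver --insecure-port=8080 --etcd-servers=http://127.0.0.1:2379",
              "/usr/bin/kubelet --pod-manifest-path=/etc/kubernetes/manifests"],
             {(8080, "0.0.0.0/0"), (6443, "0.0.0.0/0"), (22, "10.0.0.0/8")}),
    Instance("i-k8s-hardened",
             ["/usr/bin/kube-apiserver --anonymous-auth=false --authorization-mode=Node,RBAC --insecure-port=0",
              "/usr/bin/kubelet --anonymous-auth=false --authorization-mode=Webhook"],
             {(6443, "10.0.0.0/8"), (10250, "10.0.0.0/8")}),
]

if __name__ == "__main__":
    for instance_id, check, fix in audit(SAMPLE_INVENTORY):
        print(f"{instance_id}: {check}  ->  {fix}")
```

Run against the sample inventory, the web host is ignored, the hardened node produces no findings, and the default-configured cluster produces seven: both components accept anonymous requests and authorize everything, the API server still serves its plaintext port, and ports 6443 and 8080 are open to the internet. In a real deployment the inventory would come from the cloud API and a host agent rather than a literal, and the job would run on a schedule or on every change event, which is the point of the automation step.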

If Tesla, Aviva and Gemalto had followed these simple steps, they could have prevented the cryptojacking attacks against their organisations. The adoption of container technology is increasing at an unprecedented rate. It may be true that neither Kubernetes nor the public cloud is intrinsically insecure, but that is not to say that hackers won't find ways to leverage this technology to their advantage, as we have seen in the recent hacks. Managing the security of container stacks can be a complicated affair. Therefore locating the stacks, putting a standard security policy in place and deploying automation tools is the only practical way to keep cybercriminals at bay.

Contributed by Daniel Nelson, AVP, product management, BMC Software.

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.