November 22, 2019

192 words 1 min read

Prepare to Be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty

Prepare to Be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty

How are Kubernetes clusters being compromised in the wild? There arent a whole lot of public reports detailing successful attacks against Kubernetes clusters. The goal of this talk is to demystify t …

Talk Title Prepare to Be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty
Speakers James Condon (Director of Research, Lacework)
Conference KubeCon + CloudNativeCon North America
Conf Tag
Location San Diego, CA, USA
Date Nov 15-21, 2019
URL Talk Page
Slides Talk Slides
Video

How are Kubernetes cluster’s being compromised in the wild? There aren’t a whole lot of public reports detailing successful attacks against Kubernetes clusters. The goal of this talk is to demystify these attacks and provide recommendations to prevent them.In this talk, a successful attack on a Kubernetes honeypot is analyzed. The amount of time it took for this to occur is quite surprising. Next, using this information, the scope of research is widened to survey other clusters that have fallen victim to the same attacks. Multiple cryptojacking campaigns emerge and details behind the methods of the attackers are shared. After providing statistics on these attacks, recommendations for prevention along with indicators of compromise are provided.

comments powered by Disqus