Prepare to Be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty
How are Kubernetes clusters being compromised in the wild? There arent a whole lot of public reports detailing successful attacks against Kubernetes clusters. The goal of this talk is to demystify t …
Talk Title | Prepare to Be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty |
Speakers | James Condon (Director of Research, Lacework) |
Conference | KubeCon + CloudNativeCon North America |
Conf Tag | |
Location | San Diego, CA, USA |
Date | Nov 15-21, 2019 |
URL | Talk Page |
Slides | Talk Slides |
Video | |
How are Kubernetes cluster’s being compromised in the wild? There aren’t a whole lot of public reports detailing successful attacks against Kubernetes clusters. The goal of this talk is to demystify these attacks and provide recommendations to prevent them.In this talk, a successful attack on a Kubernetes honeypot is analyzed. The amount of time it took for this to occur is quite surprising. Next, using this information, the scope of research is widened to survey other clusters that have fallen victim to the same attacks. Multiple cryptojacking campaigns emerge and details behind the methods of the attackers are shared. After providing statistics on these attacks, recommendations for prevention along with indicators of compromise are provided.