Posts under kubernetes threats
The eighth installment in our nine-part blog series – where we examine each of the nine MITRE ATT&CK tactics and techniques for Kubernetes – examines lateral movement. Following a breach, an attacker might try to move throughout the environment to gain access to other resources, including other containers, nodes, or cloud resources. This blog post covers the set of techniques an attacker can employ to achieve lateral movement and offers guidance to mitigate them.
Part seven of our nine-part blog series – where we examine each of the nine MITRE ATT&CK tactics and techniques for Kubernetes – examines the technique known as Discovery. The tactics in this category are intended to help an attacker effectively explore a Kubernetes environment to achieve lateral movement and gain access to a wider scope of resources with or beyond the cluster. They include ways to gain access to the Kubernetes API server or the Kubelet API, map the cluster network, or compromise resources via the Kubernetes Dashboard or cloud instance metadata.
Part four of our nine-part blog series on the various Kubernetes threat vectors and tactics covers Privilege Escalation, which encompasses techniques that enable an attacker to gain additional privileges that can be used to take more actions within the cluster and/or grant access to a wider scope of resources. These techniques include accessing or running a privileged container, taking advantage of roles with broad administrative privileges, and gaining access to cloud resources.
This is part three of a nine-part blog series where we examine each of the nine Kubernetes threat vectors across 40 attack techniques and provide actionable advice to mitigate these threats. Don’t forget to check out parts one and two. The third tactic in the Kubernetes attack matrix is Persistence. This tactic groups together techniques that are aimed at enabling an attacker to maintain a presence within a Kubernetes cluster beyond initial access through actions such as taking advantage of Kubernetes controllers, mounting a file to a container, or running recurring Kubernetes Jobs.