Security breaches are prevalent. Inadequate implementation of security policies and human error are the leading causes. However, Kubernetes security incidents, more often than not, result from misconfigurations. About 67% of security breaches are caused by misconfigurations according to IDC.
According to Statista, the incidence of breaches in the U.S. has significantly increased within the past decade from 662 cases in 2010 to more than a thousand cases by 2020. Data leaks peaked in 2009 and 2018, with more than 223 and 471 million confidential information leaked in both years, respectively.
Over the years, organizations lose millions of dollars annually due to security incidents globally. The average cost per lost record globally is $150 according to Ponemon Institute; this entails that organizations’ security breaches incur about $5 trillion in financial losses. To prevent breaches, companies should institute proactive policies and solutions.
Notable Security Breaches That Could Have been Prevented
Highlighted below are noteworthy security breaches that occurred during the last decade:
1- Docker Hub
Cost of the Breach: Hackers stole the login credentials of 190,000 users.
On April 25, 2019, a malicious actor attacked Docker's online repository. The breach impacted up to 190,000 users. The invader was able to gain unrestricted access to the Docker Hub database for a short period. The stolen information included login details (usernames and hashed passwords) and GitHub & Bitbucket tokens.
In a bid to "clean up" the attack, Docker invalidated the passwords of affected users. The vendor sent the users a link to reset their login details. They took other high-level security measures to secure the repositories of users using autobuild.
The invader was able to gain access because of the inadequate implementation of security policies by Docker. Due to the growth of container technology, there's an increase in security threats to both vendors and users. Organizations must ensure proper container configuration and security implementations.
2- Microsoft Azure
Cost of the Breach: leaked 250 million customer-related records.
Microsoft unintentionally exposed five servers storing customer support databases online. A security researcher, Bob Diachenko, spotted the breach on December 31, 2019.
The servers contained about 250 million entries - IP addresses, email addresses, and other customer-related data. According to Microsoft, most of the exposed data wasn't any personal customer data.
On the same day, Microsoft implemented security measures to secure the servers. The company informed the affected customers, even though Microsoft found no malicious use of the information.
The security breach was possible because of the misconfiguration of Azure security rules on December 5, 2019. Following the incident, Microsoft enforced strict measures to prevent similar breaches.
3- Jenkins
Cost of the breach: $3 million worth of computing resources lost to a cryptojacking gang.
Jenkins was a victim of one of the biggest cryptojacking attacks. Malicious miners exploited a vulnerability in the Jenkins servers to mine a cryptocurrency, Monero. This incident was one of the most notable Kubernetes security breaches.
The malicious actors were able to mine 10,800 Monero in 18 months. It was worth about $3 million. Experts discovered this massive pernicious mining operation in February 2018.
The cryptojacking malware was evading detection by updating itself and altering mining pools. In the background, the hackers took advantage of the computing resources of the infected Jerkins systems (windows machines, personal devices connected to Jenkins, and Jenkins CI servers) to mine Monero.
4- University of California SF
Cost of the breach: $1,140,895.
On June 1, 2020, Hackers infected the University of California SF school of Medicine's IT systems with malware - ransomware attack. They reported that some critical systems like COVID-19 work and patient care delivery operations were not affected.
However, some servers were encrypted, and the ransomware actors requested a ransom. According to UCSF, some of the data stored on the servers contained vital academic work. As a result, they decided to pay the ransom to regain access.
The Netwalker criminal group was behind the attack. The malicious actors obtained some data as proof to convince the institution to pay the ransom. They demanded a whopping sum of $3 million.
After a series of negotiations on the dark web with the Netwalker gang, the university paid $1,140,895 in Bitcoin. After the payment, the malicious group released a decryption tool to the institution. They also promised to delete the files stolen from the servers.
Costly Breaches due to Misconfigurations
1- Verizon
Cost of the breach: Exposure of 14 million customer-related data and 100MB of information from an internal server.
It was reported in September 2017 that an Israeli-based company left about 14 million Verizon customer-related data unprotected on an AWS server. In the same month, Verizon left one of its internal systems (known as Distributed Visions Services) unprotected on an AWS S3 server. This mistake exposed 100MB of information.
These breaches resulted from AWS server misconfigurations. According to researchers, the data exposed were passwords, usernames, messages from internal communication, and other sensitive information that hackers could use to compromise Verizon’s internal network.
2- Leaked PIIs in Australia
Cost of the breach: leaked 48,270 personally identifiable information (PII).
Almost 50,000 PIIs were exposed due to the misconfiguration of an amazon S3 bucket. The security breach affected employees working in government agencies, banks, and utility firms. The exposed personally identifiable information includes phone contacts, passwords, names, credit card information, email addresses, etc.
Australian Department of Finance, Australian Electoral Commission, and National Disability Insurance Agency were the affected government agencies. AMP, an insurance company, had 25,000 employee internal expenses records exposed. Seventeen thousand records were leaked from UGl, a utility firm. The breach affected up to 1,500 staff of Rabobank.
3- Tesla
Cost of the breach: Malicious crypto-mining.
In February 2018, Crypto-mining malware infiltrated Tesla's Kubernetes console. The attack was possible because the console wasn't password protected. Consequently, hackers leveraged one of Tesla's pods to do crypto-mining.
"The hackers had infiltrated Tesla's Kubernetes console, which was not password protected. Within one Kubernetes pod, access credentials were exposed to Tesla's AWS environment, which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry." - RedLock.
The malicious actors took some precautionary measures to evade detection. These evasion tactics made it difficult to spot the malware infection. Some of the hackers' tactics include not using a known mining pool, using Cloudflare to conceal their IP, and minimizing the CPU consumption.
Security breaches impact both companies and customers significantly. It could lead to the compromise of confidential customer information. Hackers can use sensitive data like personally identifiable information and credit card numbers to impersonate and steal.
On the other hand, organizations lose money, reputation, or customer confidence after security incidents. Hence the need to take proactive steps to prevent breaches.
How to Prevent a Security Breach
Here're the ways to prevent security incidences:
- Shift Security Left
- Implement Industry-Standard Security Measures
- Implement Kubernetes Best Practices
1- Shifting Security Left
Shifting left helps companies mitigate cloud-native security risks. Unlike the “traditional” approach of handling security at the tail-end of the software development process, shifting-left is the practice of incorporating security measures into the DevOps workflows - DevSecOps. In the DevSecOps approach, developers adopt a security-first mindset. By integrating security automation, policy enforcement, and remediation tools in the development process, companies enjoy the benefits of DevSecOps and are able to patch vulnerabilities swiftly.
2- Implementing Industry-Standards Security Measures
Learn the basics of securing your Kubernetes cluster and enforce industry-standard cybersecurity best practices. These security measures include backup policies, password management guidelines, multi-factor authentication, adopting security technologies, and hiring security professionals.
3- Implement Kubernetes Best Practices
Given the increase in Kubernetes security breaches, there's a need to take appropriate measures to enforce Kubernetes network security policies. It goes without saying that most Kubernetes security breaches result from inadequate configuration and a lack of proper security implementations. Taking proactive steps to avoid a security breach is the ideal thing to do.
Conclusion
Cybersecurity remains a thing of concern for companies globally. Malicious actors keep evolving and finding sophisticated ways to compromise systems. Building a breach-proof company requires that you take proactive steps to protect your cloud infrastructures.
Magalix can help you manage your cloud infrastructures and enforce industry-standard Kubernetes best practices. We're in the business of assisting organizations in implementing policy-as-code across their entire Kubernetes and cloud infrastructure. Magalix helps companies identify and secure workloads to meet cloud-native applications' scale needs while accommodating a continuous flux.
back
mins read
7 mins read
Comments and Responses