<img src="https://ws.zoominfo.com/pixel/JHVDdRXH2uangmUMQBZd" width="1" height="1" style="display: none;">
weaveworks_logo_headerstrip
magalix_logo_headerstrip

Weaveworks 2022.03 release featuring Magalix PaC | Learn more

Magalix Logo
Login
Register For FREE
github icon github icon azuremarketplace icon azuremarketplace icon

MITRE ATT&CK Matrix for Kubernetes

These pages cover what Magalix is, how to get started using it, and reference materials for its features and supported cloud providers.

    Get started quickly, and get all your questions answered now!

    Talk to an Expert

      Initial Access

      MITRE ATTACK - Initial Access

      Overview

      Initial Access refers to tactics an attacker may use to gain access to a Kubernetes cluster. They may do this either by compromising various resources deployed on the cluster or directly by compromising a component within the Kubernetes control plane that handles cluster management.

      1- Using Cloud Credentials

      If the Kubernetes cluster is deployed in a public cloud and if a cloud credential is compromised, attackers may get access to the cluster’s management layer.  A compromised credential may lead to a compromise of the entire cluster, and may also lead to a cluster takeover.

      2- Compromised Images in Registry

      A compromised, untrusted or unsafe image running in a cluster can lead to its compromise. It may be downloaded from a public image registry (e.g. Docker Hub), built from untrusted base images, or added to a private registry by an attacker and pulled by a user. It may contain malicious code that allows an attacker to access a cluster.

      image-approved-registry

      3- Kubeconfig File

      The kubeconfig file, used by kubectl, contains the location and credentials of clusters. A compromised client could issue cloud commands to download this file if the cluster is hosted as a cloud service. If a bad actor gets access to this file, they can use it to access the clusters.

      4- Application Vulnerability

      Containerized, public-facing applications with vulnerabilities leave an organization susceptible to exploits by threat actors. If they run in a cluster, the threat actor may gain initial access to the cluster. They may also exploit the vulnerability to reach other applications, access sensitive data, or launch a Denial of Service (DoS) attack.

      MITRE ATTACK - Initial AccessMITRE ATTACK - Initial AccessMITRE ATTACK - Initial Access

      5- Exposed Sensitive Interfaces

      When a sensitive interface is exposed to the Internet, it creates a security risk. Frameworks that don’t require authentication by default are particularly vulnerable. Exposing such frameworks allows malicious actors to gain unauthenticated access to a sensitive interface and run code or deploy containers in the cluster. One such interface that has been exploited previously is the Kubernetes dashboard.

       
      arrow

      Start Your 30-day Free Trial Today!

      Implement the proper governance and operational excellence in your Kubernetes clusters.

      Get Started
      View Pricing

      “We are on a mission to add intelligence to applications and infrastructure so you can focus on what truly requires human intelligence.”

      Google Cloud Partner
      Microsoft Azure Partner
      Product
      Company
      Resources
      Questions?

      Subscribe to the SaC Newsletter

      Stay up to date with Security as Code (SaC) Bi-weekly Magalix newsletter.
      © 2022 Magalix Corporation. All Rights Reserved.