Currently I am working as a senior application security engineer at fintech start up called Kevin. In the past, I have worked for many years as a security consultant leading penetration testing, red teaming and threat intelligence for M&S in London. I am OCSP, OSCE and CISSP certified. I do enjoy doing research and my passion/interest is on Offensive security.
Cloud adoption is becoming more and more common nowadays. It is getting difficult to find just one company which has not any service within a cloud environment or it is not adopting cloud technologies. Attackers are also aware of this fact and Cloud environments are quite complex which is a clear enemy of security.
Our main goal with this presentation is to show some of the most common attack scenarios weaponised by cybercriminals which are affecting Cloud Kubernetes Services. We will also offer some possible controls to mitigate those risks.
After motivating the presentation, this talk will explore the shared responsibility model and their variants. This will help to introduce the attendees to the main cloud security challenges which are sometimes overlooked when migrating to the cloud.
Next, this talk is presenting the different deployment models and how those have evolved in time. How a Cloud Service Provider infrastructure looks like is introduced during this stage of the conference along with the specific role of Kubernetes within the Cloud Service Provider.
Walking towards the core of the presentation, this talk covers the most common attack vectors for Kubernetes, cloud and containers, digging into the corresponding MITRE att&ck matrices. We will put in common these Matrices with the attack scenarios presented right after this section.
Once the attack vectors have been presented, a detailed view of a step by step kubernetes exploitation is offered prior to jumping to the actual demonstrations. Following with Kubernetes attack scenarios, this presentation will offer at least two attack scenarios:
- External Attacker gaining control of the whole Kubernetes cluster by:
- Finding and exploiting a vulnerable application/service
- Gaining access to the container
- Escalating privileges within the container
- Escaping to the host
- Attacking the Host and performing privilege escalation
- Insider threat and how kubernetes environments are prone to be over-permissive
Moving forward this presentation we will offer some controls and mitigations to avoid these kinds of attacks. We will focus on admission control and introduce tools like Kubewarden, Kyverno or OPA Gateway to control the Admission policies. We will also explore other options available in the market to secure other aspects of the Kubernetes deployments.
Finally this talk summarises the lessons learned from the attack scenarios shown and offers the most relevant conclusions on Kubernetes Cloud Security Services.