Yesterday at KubeCon EU 2024, we presented a talk Keep Hackers Out of Your Cluster with These 5 Simple Tricks. We have published a written version of our research as a guest post on tl;drsec, a well-known security newsletter for practitioners.
Many options are available to increase the security posture of a Kubernetes cluster. But which ones to prioritize, and why? In this talk, we take a data-based and threat-informed approach to prioritizing security investments. We start by describing the attacks we've seen over the past year on a network of Docker and Kubernetes honeypots we've deployed publicly-facing on the internet, mimicking the Docker API, Kubernetes API server, and Kubelet API to catch what attackers are doing in the wild. Then, we review several high-profile container escape vulnerabilities and how they've been exploited in the wild. Based on this, we list the most common ways attackers attempt to deploy malicious workloads, backdoor a cluster, or escape containers—and what are the most effective and "bang for your buck" security mechanisms that you can implement in your own cluster.
Read the blog post on the tl;dr sec website, get the slides or watch the recording.
