Threat Environment

(Back)

Cloud native applications based on containers and microservices have vulnerability and attack vectors that need to be mitigated. Container and container orchestrators inherit typical IT vulnerabilities as well as introduce some of their own, especially if containers are started with escalated privileges. The following is a list of potential threats to a containerized environment:

Threat	Description
Container Compromise	An attacker can exploit application vulnerabilities or misconfigurations to gain unauthorized access to a container. Once inside, they may: Launch application-level attacks like DDoS or XSS against public-facing containers. Execute malicious code or malware. Scan the network for vulnerabilities and sensitive data. Break out of the container to access the host system or other containers. Consume excessive resources to disrupt other containers.
Lateral Movement	Compromised containers can attempt to communicate with other containers or nodes within the cluster to spread the attack.
Data Exfiltration	Attackers can steal sensitive data from containers, often using techniques like reverse shells or covert channels.
Host Compromise	If the host system is compromised, an attacker can gain access to all containers running on that host, potentially escalating privileges.
Kubernetes API Server and Kubelet Attacks	Attackers may target the Kubernetes API server or kubelets to disrupt the cluster or gain unauthorized access to secrets, resources, or containers.
Supply Chain Attacks	Malicious actors can introduce vulnerabilities into the software supply chain, compromising images, libraries, or dependencies.

Additional Considerations

In addition to the threats listed above, organizations should consider the following security aspects when deploying containerized environments:

Consideration	Description
Image Security	Ensuring the security of container images, including scanning for vulnerabilities and using trusted registries.
Network Security	Implementing network segmentation, firewalls, and intrusion detection systems to protect container networks.
Identity and Access Management	Controlling access to Kubernetes resources and enforcing least privilege principles.
Monitoring and Logging	Continuously monitoring container environments for suspicious activity and maintaining detailed logs for forensic analysis.
Incident Response Planning	Developing a robust incident response plan to quickly detect, contain, and remediate security incidents.
Compliance and Auditing	Ensuring that containerized environments comply with relevant security standards and regulations and conducting regular audits to verify compliance.

Page details

Date modified: