NSA, CISA Released a Security Guidance to Protect Kubernetes Clusters From Cyber Attack

The US security agencies NSA and CISA have jointly released a 59-page guide for the users to secure the Kubernetes Clusters. 

As part of the Cloud Native Computing Foundation, Google engineers have originally developed this. Apart from this, currently, the Kubernetes is one of the most popular container orchestration software.

While the primary motto of Kubernetes is to allow the sysadmins to easily implement new IT resources using software containers. And here, most of the software is used in cloud infrastructure.

Since the Kubernetes and Docker model is completely different from the conventional monolithic software platforms, that’s why the maximum number of sysadmins are not good enough at configuring Kubernetes securely.

Moreover, with insecure configuration settings several crypto mining botnets have attacked Kubernetes installations just over the past few years.

Here, without authentication or applications running on large clusters like Argo Workflow and Kubeflow, the hackers simply scan the internet for available online Kubernetes management functions.

And the hackers do so, by simply deploying the cryptocurrency mining software on the victims’ cloud infrastructure and accessing the endpoints. You can download the Security Guidance report here.


The cybersecurity experts at NSA and CISA have suggested few recommendations to prevent and mitigate damages from the Kubernetes hacks that all the companies and government agencies should follow, and here they are mentioned below:-

  • Always scan the containers and pods for flaws and misconfiguration.
  • Always try to run the containers and pods with the least privileges.
  • To limit the amount of damage that a compromise can cause, always use network separation.
  • To protect confidentiality always use proper encryption methods and firewalls.
  • To limit user and administrator access always use strong authentication and authorization mechanisms.
  • To monitor activity and be alerted, always use log auditing.
  • Review all Kubernetes settings and use vulnerability scans regularly to prevent security threats.

In early 2017 all these attacks started taking place at a very slow speed and in very rare cases, while now have turned into a real flood. 

As security researchers have claimed that currently there are several cybercriminal groups who are fighting simultaneously with each other for the same misconfigured cluster.

That’s why the guide released by the NSA and CISA recommends the system admins of the companies and government agencies to strengthen their security mechanisms to prevent such attacks.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.