Security breaches are common. Inadequate enforcement of security policies and human error are the main causes, and in Kubernetes environments the problem is most often misconfiguration: according to IDC, about 67% of security breaches are caused by incorrect configurations.
According to published statistics, the number of breaches in the United States has risen sharply over the past decade, from 662 incidents in 2010 to more than a thousand by 2020. The volume of exposed data peaked in 2009 and 2018, with more than 223 million and 471 million confidential records leaked in those two years, respectively.
Year after year, organizations worldwide lose millions of dollars to security breaches. The Ponemon Institute puts the average cost per lost record at $150, which adds up to losses from security breaches of roughly $5 trillion. To prevent breaches, companies should adopt proactive practices and solutions.
Significant security breaches that could have been prevented
The following are notable security breaches from the past decade:
1- Docker Hub
Breach cost: attackers stole the login information of 190,000 users.
A malicious actor attacked the Docker Hub online repository on April 25, 2019. The breach affected up to 190,000 users. The attacker gained unauthorized access to the Docker Hub database for a short period of time. The stolen data included login information (usernames and hashed passwords) as well as GitHub and Bitbucket tokens.
To contain the attack, Docker invalidated the affected users’ passwords and emailed them a link to reset their login credentials. Docker also took further measures to protect the repositories of users who rely on autobuilds, since their GitHub and Bitbucket tokens were among the stolen data.
The attacker gained access because Docker had not implemented adequate security controls. As container technology spreads, the security threats to both vendors and users grow with it, so organizations must ensure proper authentication and security controls around their container registries and workloads.
2- Microsoft Azure
Breach cost: 250 million customer support records exposed.
Microsoft inadvertently exposed five servers holding customer support databases on the internet. Security researcher Bob Diachenko spotted the exposure on December 31, 2019.
The servers held about 250 million records: IP addresses, email addresses and other customer support data. According to Microsoft, most of the exposed records contained no personal customer information.
Microsoft secured the servers the same day and notified affected customers, although it found no evidence that the data had been misused.
The exposure was caused by misconfigured Azure network security rules applied on December 5, 2019. Following the incident, Microsoft put stricter controls in place to prevent similar exposures.
3- Jenkins
Breach cost: about $3 million in computing resources consumed by a cryptojacking gang.
Jenkins was one of the biggest victims of cryptojacking. Malicious miners exploited a vulnerability in Jenkins servers to mine the cryptocurrency Monero, in one of the most significant security incidents to hit the CI/CD tooling around Kubernetes.
The operators mined 10,800 Monero over 18 months, worth about $3 million at the time. Researchers discovered the campaign in February 2018.
The cryptojacking malware evaded detection by updating itself and switching mining pools. The attackers used the computing resources of the infected systems (Windows machines, personal devices connected to Jenkins, and Jenkins CI servers) to mine Monero in the background.
4- University of California, San Francisco (UCSF)
Breach cost: $1,140,895.
On June 1, 2020, attackers infected IT systems of the UCSF School of Medicine with ransomware. UCSF reported that critical systems, including COVID-19 work and patient care operations, were not affected.
Several servers were encrypted, however, and the attackers demanded a ransom. According to UCSF, some of the data on those servers was important academic work, so the university decided to pay to regain access.
The Netwalker criminal group was behind the attack. The operators released samples of the stolen data as proof to pressure the institution into paying, and initially demanded a staggering $3 million.
After negotiating with the Netwalker gang on the dark web, the university paid $1,140,895 in Bitcoin. The group then handed over a decryption tool and promised to delete the files it had stolen.
Costly breaches due to misconfiguration
1 – Verizon
Breach cost: 14 million customer records and 100 MB of data from an internal server exposed.
In 2017 it was reported that an Israeli contractor had left approximately 14 million Verizon customer records unprotected on an AWS server. In September of that year, Verizon itself left one of its internal systems (known as Distributed Vision Services) exposed in an AWS S3 bucket, revealing 100 MB of data.
Both exposures were caused by misconfigured AWS S3 storage. The data found by researchers included passwords, usernames, internal communications and other sensitive information that an attacker could have used to compromise Verizon’s internal network.
2 – Leaked PII in Australia
Breach cost: 48,270 records of personally identifiable information (PII) leaked.
Nearly 50,000 employee records were exposed through a misconfigured Amazon S3 bucket. Those affected worked for government agencies, banks and a utilities company. The exposed personal information included phone numbers, passwords, names, credit card details and email addresses.
The affected government agencies were the Australian Treasury, the Australian Electoral Commission and the National Disability Insurance Agency. AMP, the financial services company, had the internal expense records of 25,000 employees exposed; seven thousand records came from UGL, the utilities contractor; and the exposure affected up to 1,500 Rabobank staff.
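Both Verizon exposures and the Australian leak above come down to the same mistake: an S3 bucket that anyone on the internet can read. The following script is an added example, not code from the article or from any of the companies it names. It audits a bucket’s ACL, bucket policy and Public Access Block for anonymous read access, working on the JSON shapes the S3 API returns, so the same functions accept the output of boto3’s get_bucket_acl, get_bucket_policy and get_public_access_block calls. The bucket name customer-export, the owner ID and both sample configurations are constructed for illustration.

```python
"""Audit an S3 bucket's configuration for anonymous read access.

Added example, not code from the original article or from any company it
names. Inspects the three settings that can make a bucket world-readable
(legacy ACL, bucket policy, Public Access Block) in the JSON shapes the S3
API returns. Every configuration below is constructed for illustration.
"""
import json

# ACL grantee groups meaning "anyone" (AllUsers) or "any AWS account"
# (AuthenticatedUsers); both are effectively public.
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """'*' or {'AWS': '*'} grants to every caller, anonymous ones included."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def policy_public_read(policy):
    """True if the bucket policy allows s3:GetObject (or a wildcard covering
    it) to every principal. Statements carrying a Condition are skipped, a
    deliberate simplification: a Condition on aws:SourceVpce does narrow the
    caller, but one on aws:SecureTransport alone would not."""
    if policy is None:
        return False
    doc = json.loads(policy) if isinstance(policy, str) else policy
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if actions & {"s3:getobject", "s3:get*", "s3:*", "*"} \
                and _principal_is_public(stmt.get("Principal")):
            return True
    return False


def acl_public_read(acl):
    """True if the bucket ACL grants READ or FULL_CONTROL to a public group."""
    for grant in acl.get("Grants", []):
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GRANTEES \
                and grant.get("Permission") in ("READ", "FULL_CONTROL"):
            return True
    return False


def audit_bucket(name, acl, policy, public_access_block):
    """Return human-readable findings; an empty list means the bucket is not
    publicly readable and the Public Access Block guard rail is fully on."""
    findings = []
    pab = public_access_block or {}
    # IgnorePublicAcls makes public ACL grants inert; only report the grant
    # when that guard rail is off.
    if acl_public_read(acl) and not pab.get("IgnorePublicAcls"):
        findings.append(f"{name}: ACL grants read to AllUsers/AuthenticatedUsers")
    # RestrictPublicBuckets confines a public policy to the owning account.
    if policy_public_read(policy) and not pab.get("RestrictPublicBuckets"):
        findings.append(f"{name}: bucket policy allows anonymous s3:GetObject")
    if not all(pab.get(k) for k in PAB_KEYS):
        findings.append(f"{name}: Public Access Block not fully enabled")
    return findings


# --- constructed sample configurations (not real buckets) -------------------
OWNER = {"Type": "CanonicalUser", "ID": "0000constructed-owner-id"}

WEAK_ACL = {"Grants": [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::customer-export/*"}]})
WEAK_PAB = None  # Public Access Block never configured

HARDENED_ACL = {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
    "Action": "s3:*", "Resource": ["arn:aws:s3:::customer-export",
                                   "arn:aws:s3:::customer-export/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]})
HARDENED_PAB = {k: True for k in PAB_KEYS}

if __name__ == "__main__":
    for label, cfg in (("weak", (WEAK_ACL, WEAK_POLICY, WEAK_PAB)),
                       ("hardened", (HARDENED_ACL, HARDENED_POLICY, HARDENED_PAB))):
        print(label, audit_bucket("customer-export", *cfg) or ["no findings"])
```

The weak configuration yields three findings (a public ACL grant, anonymous GetObject in the policy, and no Public Access Block); the hardened one yields none. The Public Access Block alone neutralises both public settings, which is why enabling it at the account level is the first thing to check when a bucket like the ones above turns up.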
3 – Tesla
Breach cost: computing resources hijacked for cryptocurrency mining.
In February 2018, cryptomining malware was found running in Tesla’s Kubernetes cluster. The attack was possible because the Kubernetes console was not password protected, which let the attackers use one of Tesla’s pods to mine cryptocurrency.
“The hackers had hacked into Tesla’s Kubernetes console, which was not password-protected. Within one Kubernetes pod, the credentials were exposed to Tesla’s AWS environment, which contained an Amazon S3 (Amazon Simple Storage Service) bucket with sensitive data such as telemetry.” – RedLock
The attackers took deliberate steps to avoid detection, which made the infection hard to spot: they avoided well-known mining pools, hid the mining server’s IP address behind Cloudflare, and kept CPU consumption low.
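The RedLock description boils down to two misconfigurations: a console with no authentication in front of it, and long-lived cloud credentials sitting inside a pod. As an added example (not code from the article, from Tesla or from RedLock), the script below scans a set of parsed Kubernetes manifests for exactly those conditions, plus the two related mistakes that turn a dashboard compromise into a cluster compromise: login-bypass flags on the dashboard and a ServiceAccount bound to cluster-admin. The manifests, the telemetry-uploader workload and its namespace are constructed; the credential values are AWS’s documented placeholder keys.

```python
"""Flag Tesla-style misconfigurations in parsed Kubernetes manifests.

Added example, not code from the original article, from Tesla or from
RedLock. Manifests are plain dicts (what a YAML loader or
`kubectl get -o json` yields). Reported conditions: a dashboard reachable
from outside the cluster, dashboard flags that disable login, a
ServiceAccount bound to cluster-admin, and cloud credentials hard-coded in
a pod's environment. All manifests below are constructed; the credential
values are AWS's documented placeholder keys.
"""

EXTERNAL_SERVICE_TYPES = {"LoadBalancer", "NodePort"}
# kubernetes-dashboard flags that let a visitor in without credentials
LOGIN_BYPASS_FLAGS = {"--enable-skip-login", "--enable-insecure-login"}
CREDENTIAL_ENV_NAMES = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY",
                        "AWS_SESSION_TOKEN"}
DASH_LABELS = {"k8s-app": "kubernetes-dashboard"}


def _pod_spec(doc):
    """Pod spec of a bare Pod, or of any workload carrying a pod template."""
    spec = doc.get("spec", {})
    if doc.get("kind") == "Pod":
        return spec
    return spec.get("template", {}).get("spec", {})


def _is_dashboard(doc):
    return doc.get("metadata", {}).get("labels", {}).get("k8s-app") == "kubernetes-dashboard"


def audit_manifests(docs):
    """Return one finding string per misconfiguration found."""
    findings = []
    for doc in docs:
        kind = doc.get("kind")
        name = f"{kind}/{doc.get('metadata', {}).get('name')}"

        # 1. Console reachable from outside the cluster (no auth in front of it)
        if kind == "Service" and _is_dashboard(doc):
            svc_type = doc.get("spec", {}).get("type", "ClusterIP")
            if svc_type in EXTERNAL_SERVICE_TYPES:
                findings.append(f"{name}: dashboard exposed outside the cluster ({svc_type})")

        # 2. A ServiceAccount token that is effectively root for the cluster
        if kind == "ClusterRoleBinding" and doc.get("roleRef", {}).get("name") == "cluster-admin":
            for subj in doc.get("subjects", []):
                if subj.get("kind") == "ServiceAccount":
                    findings.append(f"{name}: ServiceAccount {subj.get('namespace')}/"
                                    f"{subj.get('name')} bound to cluster-admin")

        spec = _pod_spec(doc)
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            cname = f"{name} container {c.get('name')}"
            # 3. Dashboard started with its login screen disabled
            bypass = LOGIN_BYPASS_FLAGS & set(c.get("args", []))
            if _is_dashboard(doc) and bypass:
                findings.append(f"{cname}: login bypass flag {sorted(bypass)}")
            # 4. Long-lived cloud keys readable by anyone who can exec into the pod
            for env in c.get("env", []):
                if env.get("name") in CREDENTIAL_ENV_NAMES and "value" in env:
                    findings.append(f"{cname}: {env['name']} hard-coded in pod environment")
    return findings


def _workload(name, namespace, container, labels=None, **pod_extra):
    """Build a minimal Deployment-shaped manifest (constructed helper)."""
    return {"kind": "Deployment",
            "metadata": {"name": name, "namespace": namespace, "labels": labels or {}},
            "spec": {"template": {"spec": {"containers": [container], **pod_extra}}}}


def _dashboard_service(svc_type):
    return {"kind": "Service",
            "metadata": {"name": "kubernetes-dashboard", "namespace": "kube-system",
                         "labels": DASH_LABELS},
            "spec": {"type": svc_type, "ports": [{"port": 443, "targetPort": 8443}]}}


def _dashboard_binding(role):
    return {"kind": "ClusterRoleBinding", "metadata": {"name": "kubernetes-dashboard"},
            "roleRef": {"kind": "ClusterRole", "name": role},
            "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                          "namespace": "kube-system"}]}


WEAK_MANIFESTS = [
    _dashboard_service("NodePort"),
    _workload("kubernetes-dashboard", "kube-system", labels=DASH_LABELS, container={
        "name": "kubernetes-dashboard", "image": "kubernetesui/dashboard:v2.7.0",
        "args": ["--enable-skip-login", "--namespace=kube-system"]}),
    _dashboard_binding("cluster-admin"),
    _workload("telemetry-uploader", "telemetry", container={
        "name": "uploader", "image": "example.internal/uploader:1.0",
        "env": [{"name": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE"},
                {"name": "AWS_SECRET_ACCESS_KEY",
                 "value": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},
                {"name": "BUCKET", "value": "telemetry-archive"}]}),
]

HARDENED_MANIFESTS = [
    _dashboard_service("ClusterIP"),  # reachable via kubectl proxy/port-forward only
    _workload("kubernetes-dashboard", "kube-system", labels=DASH_LABELS, container={
        "name": "kubernetes-dashboard", "image": "kubernetesui/dashboard:v2.7.0",
        "args": ["--auto-generate-certificates", "--namespace=kube-system"]}),
    _dashboard_binding("kubernetes-dashboard"),  # a scoped ClusterRole, not cluster-admin
    _workload("telemetry-uploader", "telemetry",
              serviceAccountName="telemetry-uploader",  # keys come from IAM roles for SAs
              container={"name": "uploader", "image": "example.internal/uploader:1.0",
                         "env": [{"name": "BUCKET", "value": "telemetry-archive"}]}),
]

if __name__ == "__main__":
    for label, docs in (("weak", WEAK_MANIFESTS), ("hardened", HARDENED_MANIFESTS)):
        print(label, audit_manifests(docs) or ["no findings"])
```

Against the weak set the audit reports five findings; the hardened set reports none. The hardened variant keeps the dashboard on a ClusterIP Service (reachable only through kubectl proxy or port-forward), drops the login-bypass flags, binds the dashboard to a narrowly scoped ClusterRole, and replaces the static AWS keys with a ServiceAccount that obtains short-lived credentials through IAM roles for service accounts, so no long-lived secret exists in the pod for an intruder to read.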
Security breaches have a significant impact on both companies and customers. They can expose confidential customer information, and attackers can use personal details and credit card numbers for identity theft and fraud.
Organizations, for their part, lose money, reputation and customer trust after a breach. Proactive measures to prevent breaches are therefore essential.
How to prevent security breaches
Here are ways to prevent security breaches:
- Shift security left
- Adopt security measures that follow industry standards
- Apply Kubernetes best practices
1 – Shift security left
Shifting left helps companies mitigate cloud security risks. Instead of the traditional approach of addressing security at the end of the software development process, shifting left means building security into DevOps workflows, an approach known as DevSecOps. Developers own security from the start, and by integrating security automation, policy checks and remediation tooling into the development process, companies gain the benefits of DevSecOps and can fix vulnerabilities quickly.
2- Adopt security measures that follow industry standards
Learn the criteria for protecting a Kubernetes cluster and follow industry-standard cybersecurity best practices. These measures include backup policies, password management guidelines, multi-factor authentication, adoption of security technologies, and hiring security professionals.
3- Apply Kubernetes best practices
Given the rise in Kubernetes-related security breaches, organizations must enforce Kubernetes network security policies. Most Kubernetes breaches come down to inadequate configuration and missing security controls, so proactive measures to prevent them are the ideal defense.
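Network policies are the control that contains a Tesla-style intrusion: a pod that any other pod in the cluster can reach is only as safe as its weakest neighbour. The following evaluator is an added example, not code from the article or from Kubernetes itself. It implements the ingress subset of NetworkPolicy semantics (matchLabels selectors; podSelector, namespaceSelector and combined peers; optional port lists) so that a default-deny policy and its allow-list exceptions can be tested before they reach a cluster. The namespaces, pods and policies are constructed; ipBlock peers and matchExpressions are not modelled.

```python
"""Evaluate whether Kubernetes NetworkPolicies permit a pod-to-pod flow.

Added example, not code from the original article or from Kubernetes. It
implements the ingress subset of NetworkPolicy semantics: matchLabels
selectors; podSelector, namespaceSelector and combined `from` peers; and
optional port lists. Namespaces, pods and policies below are constructed;
ipBlock peers and matchExpressions are not modelled.
"""


def _labels_match(selector, labels):
    """matchLabels selector; an empty selector ({}) matches everything."""
    wanted = (selector or {}).get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())


def _peer_matches(peer, policy_ns, src, namespaces):
    """One `from` entry. podSelector alone means pods in the policy's own
    namespace; with a namespaceSelector the two conditions are ANDed."""
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    if ns_sel is None and pod_sel is None:
        return False  # ipBlock peers are out of scope here
    if ns_sel is None:
        ns_ok = src["namespace"] == policy_ns
    else:
        ns_ok = _labels_match(ns_sel, namespaces.get(src["namespace"], {}))
    pod_ok = pod_sel is None or _labels_match(pod_sel, src["labels"])
    return ns_ok and pod_ok


def _port_matches(rule_ports, port, proto):
    """A rule without `ports` applies to every port."""
    if not rule_ports:
        return True
    return any(p.get("port") == port and p.get("protocol", "TCP") == proto
               for p in rule_ports)


def ingress_allowed(policies, namespaces, src, dst, port, proto="TCP"):
    """True if src may open dst:port. A pod selected by no ingress policy is
    not isolated and accepts everything; once any policy selects it, some rule
    of some selecting policy must match both the source and the port."""
    selecting = [
        p for p in policies
        if p["metadata"]["namespace"] == dst["namespace"]
        and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
        and _labels_match(p["spec"].get("podSelector", {}), dst["labels"])
    ]
    if not selecting:
        return True
    for pol in selecting:
        for rule in pol["spec"].get("ingress", []):
            if not _port_matches(rule.get("ports"), port, proto):
                continue
            peers = rule.get("from")
            if not peers or any(_peer_matches(peer, pol["metadata"]["namespace"],
                                              src, namespaces) for peer in peers):
                return True
    return False


# --- constructed cluster: namespaces, pods and the policies under test -------
NAMESPACES = {"prod": {"env": "prod"}, "staging": {"env": "staging"},
              "monitoring": {"purpose": "monitoring"}}
PODS = {
    "web": {"namespace": "prod", "labels": {"app": "web"}},
    "db": {"namespace": "prod", "labels": {"app": "db"}},
    "prometheus": {"namespace": "monitoring", "labels": {"app": "prometheus"}},
    "scanner": {"namespace": "staging", "labels": {"app": "web"}},  # right label, wrong namespace
}


def _policy(name, spec):
    return {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
            "metadata": {"name": name, "namespace": "prod"}, "spec": spec}


# Default deny: selects every pod in prod and lists no ingress rules at all.
DEFAULT_DENY = _policy("default-deny-ingress",
                       {"podSelector": {}, "policyTypes": ["Ingress"]})
# Allow-list exceptions, each naming an exact source and port.
ALLOW_WEB_TO_DB = _policy("allow-web-to-db", {
    "podSelector": {"matchLabels": {"app": "db"}}, "policyTypes": ["Ingress"],
    "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "web"}}}],
                 "ports": [{"protocol": "TCP", "port": 5432}]}]})
ALLOW_SCRAPE = _policy("allow-prometheus-scrape", {
    "podSelector": {}, "policyTypes": ["Ingress"],
    "ingress": [{"from": [{"namespaceSelector": {"matchLabels": {"purpose": "monitoring"}},
                           "podSelector": {"matchLabels": {"app": "prometheus"}}}],
                 "ports": [{"port": 9100}]}]})
PROD_POLICIES = [DEFAULT_DENY, ALLOW_WEB_TO_DB, ALLOW_SCRAPE]

if __name__ == "__main__":
    for s, d, port in (("scanner", "db", 5432), ("web", "db", 5432), ("prometheus", "db", 9100)):
        print(s, "->", d, port, ingress_allowed(PROD_POLICIES, NAMESPACES, PODS[s], PODS[d], port))
```

The sample demonstrates the isolation rule: with no policy at all the staging scanner pod can reach db; with default-deny-ingress in place nothing can; and each further policy adds only the exact source-and-port pairs it names. A podSelector peer on its own matches pods in the policy’s own namespace only, which is why the staging pod labelled app=web is still rejected.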
Cyber security remains a concern for businesses worldwide. Malicious actors keep evolving and looking for more sophisticated ways to compromise systems, and building a resilient enterprise requires proactive action to protect cloud infrastructure.
Magalix can help you manage your cloud infrastructure and follow industry-standard Kubernetes best practices. We help organizations implement policy-as-code across Kubernetes and cloud infrastructure, and we help companies identify and secure workloads to meet the scaling needs of cloud-native applications and keep pace with continuous delivery.