Press Release

Tenable Research Finds Critical Vulnerabilities in Kubernetes Environments

78% of organisations have publicly accessible Kubernetes API servers

According to Tenable Cloud Research, organisations globally and across the Asia Pacific region are increasingly facing security challenges in their Kubernetes environments. As more businesses adopt Kubernetes to orchestrate their cloud infrastructure, serious security gaps in these environments are leaving organisations vulnerable to attacks.

According to the 2024 Tenable Cloud Risk Report, the widespread adoption of containerised applications, coupled with insufficient security measures, is exposing cloud infrastructure to risks that can result in data breaches, service disruptions, and unauthorised access to critical workloads.

“Kubernetes is the backbone of many cloud-native applications, but organisations in APAC are struggling to secure these environments properly,” said Ari Eitan, Research Director at Tenable. “Publicly exposed Kubernetes API servers and overprivileged containers are serious risks that leave businesses vulnerable to attacks. Without the right security measures in place, these misconfigurations can lead to catastrophic breaches.”

Key Findings from the Report:

  1. Publicly Accessible Kubernetes API Servers
    • 78% of organisations have publicly accessible Kubernetes API servers, significantly increasing the risk of attacks. Of these, 41% allow inbound internet access to their Kubernetes clusters, making them even more susceptible to external threats. Attackers can exploit these configurations to gain access to sensitive resources and potentially take control of entire cloud environments.
  2. Privileged Containers
    • 44% of organisations are running containers in privileged mode, granting these containers full access to the host system’s resources. Running containers with excessive privileges increases the risk of attackers escalating their control and compromising the underlying infrastructure.
  3. Overprivileged Cluster-Admin Roles
    • 58% of organisations have cluster-admin role bindings, providing unrestricted access to all Kubernetes resources. If these roles are compromised, attackers can gain full control over the cluster, allowing them to manipulate or destroy workloads, or exfiltrate sensitive data.

Mitigation Strategies for Securing Kubernetes:

To address these security challenges, Tenable recommends the following best practices for APAC organisations to safeguard their Kubernetes environments:

  1. Limit Kubernetes API Exposure:
    Ensure that Kubernetes API servers are not exposed to the public internet. Apply firewall or security group rules to restrict inbound access to Kubernetes clusters and enforce network segmentation to isolate sensitive workloads.
  2. Reduce Privileged Containers:
    Avoid running containers in privileged mode unless absolutely necessary. Adhere to security best practices such as those outlined in the CIS Kubernetes Benchmark and NIST guidelines to limit container access to host resources.
  3. Harden Role-Based Access Control (RBAC):
    Regularly audit and restrict the use of cluster-admin roles. Replace overly permissive role bindings with granular permissions that adhere to the principle of least privilege, ensuring that users and service accounts only have access to the resources they need.
  4. Regularly Audit Kubernetes Configurations:
    Conduct frequent security audits of Kubernetes configurations to detect and address any misconfigurations or unnecessary exposures. Disable anonymous access to the Kubelet API and ensure that all communications within the cluster are encrypted.

“The growing adoption of Kubernetes is a double-edged sword. While it offers great agility for cloud operations, it also introduces a new layer of complexity and security risks. APAC businesses must prioritise Kubernetes security, particularly by closing exposure gaps and enforcing strict access controls. Proactive measures today will protect organisations from becoming tomorrow’s headline breaches,” added Eitan.

CSA Editorial
