As cloud-native applications continue to proliferate, containers are becoming the preferred option to package and deploy these applications because of the agility and scalability they offer. In fact, Gartner predicts that 75% of global organizations are running containerized applications in production. The popularity of containers has also attracted hackers looking for new ways to exploit applications.

Kubernetes security is a critical part of the app lifecycle, through the build, deployment and runtime stages. Kubernetes runtime environments are dynamic and continuously changing. As clusters are replaced and permissions reassigned, security becomes an innate part of DevOps. It is important to ensure that malware and other malicious attacks do not access the cloud, as they might lead to system failures, servers going down, and more.

On January 16, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) sent out a Cybersecurity Advisory (CSA) about active threat actors deploying the AndroxGh0st malware. This is significant as cyber criminals are actively using this malware to target Laravel (CVE-2018-15133) (an open source PHP framework).env files and obtain credentials for various high profile applications like Office365, SendGrid, and Twilio.

Nowadays, most of the applications are deployed on containers and orchestrated using Kubernetes or similar technology. Due to this, the performance, stability, and scalability are highly increased. But, it also widens up the attack surface if proper security controls, techniques, tools, and practices are not followed/used. So, if your application is running on containers or if you are thinking about deploying containers, then learning about container security best practices is a must.

CloudCasa, the software-as-a-service solution for backup and recovery of Kubernetes and cloud native database workloads, has come a long way since its early days.

Kubernetes has emerged as the leading platform for orchestrating containerized applications. However, developers and administrators rely on an ecosystem of tools and platforms that have emerged around Kubernetes. One of these tools is Helm, a package manager that simplifies Kubernetes deployments. However, with the convenience and efficiency Helm offers, it also introduces significant security risks.

The Snyk Security Labs team recently embarked on a research project into the Docker engine. During this project, I had the opportunity to perform what is arguably my favorite kind of research using my favorite selection of tools. The research panned out quite successfully, and we identified four high severity vulnerabilities that allow a malicious attacker to break out of a container environment with a controlled Dockerfile under docker build and, in one case, docker run.

As containerized applications become the norm, the complexities of securing these dynamic, scalable environments demand a fresh perspective on traditional security practices. While Kubernetes streamlines deployment and management, it also introduces a new layer of attack surface, necessitating a nuanced approach to threat mitigation.

Cybersecurity breaches are becoming more frequent and more impactful. Adversaries continue to grow stronger, and defenders aren’t always keeping pace. Add in the increasing number of nation-state actors in the threat landscape, and it’s hardly surprising that governments are starting to take a greater role in regulating security. On July 26th, 2023, the U.S.