Jack Mannino, CEO at nVisium, agreed that this attack leveraged a common Kubernetes misconfiguration to gain persistence within the cluster.

“Combined with weakness in access control and isolation, this is a good way to gain a foothold into a cluster and establish command and control,” Mannino said. “As more production workloads move to cloud native, the complexity of securing clusters, software development pipelines, and cloud architectures becomes incredibly difficult, as the attack surface significantly expands.”

Read entire article here