Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories

 

Cybersecurity researchers are warning of publicly exposed Kubernetes configuration secrets that could put organizations at risk of supply chain attacks.

Kubernetes is a well-known platform for managing containerized workloads and services. It’s popular due to its open-source nature, ability to manage everything through code, and its portability to run anywhere. It’s used by a wide range of companies in various industries, including tech giants like Google and Spotify, financial services companies like Capital One, and media outlets like The New York Times.

"These encoded Kubernetes configuration secrets were uploaded to public repositories," Aqua security researchers Yakir Kadkoda and Assaf Morag said in new research published earlier this week.

Some of those impacted include two top blockchain companies and various other fortune-500 companies, according to the cloud security firm, which leveraged the GitHub API to fetch all entries containing .dockerconfigjson and .dockercfg types that store credentials for accessing a container image registry.

Of the 438 records that potentially held valid credentials for registries, 203 records – about 46% – contained valid credentials that provided access to the respective registries. Ninety-three of the passwords were manually set by individuals, as opposed to the 345 that were computer-generated.

"In the majority of cases, these credentials allowed for both pulling and pushing privileges," the researchers noted. "Moreover, we often discovered private container images within most of these registries."

Furthermore, nearly 50% of the 93 passwords were deemed weak. Some of these comprised of password, test123456, windows12, ChangeMe, and dockerhub, among others.

"This underscores the critical need for organizational password policies that enforce strict password creation rules to prevent the use of such vulnerable passwords," the researchers added.

Aqua said it also found instances where organizations fail to remove sensitive information from the files that are committed to public repositories on GitHub, leading to inadvertent exposure.

But on a positive note, all the credentials associated with AWS and Google Container Registry (GCR) were found to be temporary and expired, making access impossible. In a similar vein, the GitHub Container Registry required two-factor authentication (2FA) as an added layer against unauthorized access.

"In some cases, the keys were encrypted and thus there was nothing to do with the key," the researchers said. "In some cases, while the key was valid it had minimal privileges, often just to pull or download a specific artifact or image."

According to Red Hat's State of Kubernetes Security Report released earlier this year, vulnerabilities and misconfigurations emerged as top security concerns with container environments, with 37% of the total 600 respondents identifying revenue and customer loss as a result of a container and Kubernetes security incident.

This underscores the importance for organizations to enforce robust cybersecurity guidelines and to use measures such as multi-factor identification. Inadvertent exposure from weak credentials can allow unauthorized access to sensitive information and data leakage.

Don’t let your organization be the next cybersecurity breach

Take action today to enforce password policies and ensure the security and integrity of your cybersecurity framework.

 

Related Blogs

Interware Blogs
Squarespace Blogs - Lily (7).png
4 Cyber Threats that Frequently Evade Detection
Challenges - Lily (2).png
Preparing for Cybersecurity Challenges of 2024
Pen Test.PNG
Benefits of Network Pentesting
Compliance.png
Implementing Zero Trust Controls for Compliance
Cyber Security.PNG
“Securing Business Communication Channels: Defending Against Hackers”
Squarespace Blogs - Lily (1).png
Prioritize Cybersecurity Spending
Squarespace Blogs - Lily.png
Defense is the best offense!
Supermassive “Mother of All Breaches“: 26 Billion Records Leaked— And What You Can Do to Protect Yourself
Supermassive “Mother of All Breaches“: 26 Billion Records Leaked— And What You Can Do to Protect Yourself
Getting off the Attack Surface Hamster Wheel: Identity Can Help
Getting off the Attack Surface Hamster Wheel: Identity Can Help
Why Public Links Expose Your SaaS Attack Surface
Why Public Links Expose Your SaaS Attack Surface
Squarespace Blogs - Lily (9).png
Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster
Squarespace Blogs - Lily (12).png
Cost of a Data Breach Report 2023: Insights, Mitigators and Best Practices
Reimagining Network Penetration Testing With Automation
Reimagining Network Penetration Testing With Automation
Unveiling the Cyber Threats to Healthcare: Beyond the Myths
Unveiling the Cyber Threats to Healthcare: Beyond the Myths
Hacking the Human Mind: Exploiting Vulnerabilities in the 'First Line of Cyber Defense'
Hacking the Human Mind: Exploiting Vulnerabilities in the 'First Line of Cyber Defense'
Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories
Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories
How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography
How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography
Offensive and Defensive AI: Let's Chat(GPT) About It
Offensive and Defensive AI: Let's Chat(GPT) About It
Unleashing the Power of SaaS Security
Unleashing the Power of SaaS Security
Ransomware Attacks Double: Is Your Business Prepared for 2024's Cyber Threats?
Ransomware Attacks Double: Is Your Business Prepared for 2024's Cyber Threats?
Guard Your Data from Exposure in ChatGPT
Guard Your Data from Exposure in ChatGPT
Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords
Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords
"I Had a Dream" and Generative AI Jailbreaks
"I Had a Dream" and Generative AI Jailbreaks
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries
Are You Willing to Pay the High Cost of Compromised Credentials?
Are You Willing to Pay the High Cost of Compromised Credentials?
The Rise of the Malicious App
The Rise of the Malicious App
Inside XWorm: Malware Analysts Decode the Stealthy Tactics of the Latest Variant
Inside XWorm: Malware Analysts Decode the Stealthy Tactics of the Latest Variant
Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks
Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks
Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family
Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family
New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World
New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World
cybercrime, business, APTxuan wu