Authors: Aviv Sasson, Jay Chen
2021-10-14

As much as the cloud-native community has devoted itself to building a rock-solid platform, the weakest link has always been the users who inadvertently introduce insecure configurations. Jay and Aviv will share their findings on misconfigured Kubernetes clusters in the wild and a malware campaign that exploited these misconfigurations. Their research found 2,100 unsecured Kubernetes clusters on the internet, consisting of 5,300 nodes, 31,340 CPUs, and 75,270 pods. A large amount of sensitive data leaked from these clusters, including access credentials, source code, and PII. The researchers will share how they architected their honeypot infrastructure to collect and monitor malicious activities targeting Kubernetes environments. The research also uncovered the first malware that exploited Kubelets to compromise Kubernetes. The malware used sophisticated tactics to evade detection, harvest credentials, move laterally, and perform cryptojacking operations in compromised clusters.
Authors: Malcolm Heath, Raymond Pompon
2021-09-24

tldr - powered by Generative AI

The presentation discusses the analysis of 8.5 million web honeypot events collected over 52 months to identify specific CVEs being targeted in large global attack campaigns and to understand attacker tactics and trends. The data-driven defense approach is emphasized.
  • Partnership with Deflexio to collect data from web sensors in hundreds of honeypots worldwide
  • 8.5 million events analyzed using Python, Pandas, NumPy, Jupyter Notebooks, and Elasticsearch
  • Identification of specific CVEs targeted in global attack campaigns and understanding of attacker tactics and trends
  • Data-driven defense approach emphasized