Friday, March 29, 2024

Microsoft Warns of Azure Bug That Let Attackers Take Control of Azure Container Instances (ACI)

Security analysts at Palo Alto Networks recently disclosed a new vulnerability that they have named Azurescape. According to the report, the issue affected Azure Container Instances, a cloud service that lets companies deploy packaged applications (containers) in the cloud.

The security experts asserted that this issue allowed a malicious container to hijack other containers belonging to other users of the platform.

They also affirmed that threat actors exploiting Azurescape could execute commands in someone else's containers and obtain access to all of the data of other customers.

Potentially affected Azure Container Instances accounts

There is no indication that any customer data was accessed because of this vulnerability. But the report states that, as a precaution, notifications have been sent to customers who were potentially affected by the researchers' activities.

Moreover, they also recommend revoking any privileged credentials that were deployed to the platform before August 31, 2021.

Background on Azure Container Instances

Azure Container Instances (ACI) was launched in July 2017, and it was the first Container-as-a-Service (CaaS) offering from a major cloud provider.

With ACI, customers can deploy containers to Azure without managing the underlying infrastructure. ACI takes care of:-

  • Scaling
  • Request routing
  • Scheduling
  • Implementing a serverless experience for all kinds of containers

Scouting the Node Environment

After carefully inspecting the node, the security researchers stated that they had verified that their container was the only customer container on it.

Using the Kubelet's credentials, they then listed the pods and nodes in the cluster.

According to the analysts, the cluster hosted about 100 customer pods and had nearly 120 nodes. Each customer was assigned a Kubernetes namespace in which their pod ran, named in the form caas-d98056cf86924d0fad1159XXXXXXXXXX.

Kubernetes CVE-2018-1002102

The API server occasionally reaches out to Kubelets, and CVE-2018-1002102 describes a security problem in how the API server communicated with Kubelets: it followed redirects.

By redirecting requests sent by the API server to another node's Kubelet, a malicious Kubelet could spread through the cluster.
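To make the redirect problem concrete, here is an added example (not code from the article, Palo Alto Networks or Microsoft) that models the API server's proxy path to a Kubelet. The fake network, hostnames and URLs are constructed; the same-host check models the kind of redirect validation that later Kubernetes releases apply, which is the behaviour a defender wants: a Kubelet may only redirect to itself, never to another node.

```python
"""Added example: a toy model of the API-server-to-Kubelet proxy path and the
redirect check that stops CVE-2018-1002102-style hopping between nodes.
Every hostname, URL and response below is constructed for illustration."""
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


# Constructed "network": the Kubelet on 10.0.0.11 (a compromised node) answers
# an exec request with a 302 pointing at the Kubelet of a different node, while
# a logs request redirects only within the same host (a benign redirect).
FAKE_NET = {
    "https://10.0.0.11:10250/exec/tenant-a/pod/main":
        Response(302, {"Location": "https://10.0.0.12:10250/exec/tenant-b/pod/main"}),
    "https://10.0.0.12:10250/exec/tenant-b/pod/main":
        Response(200, {}, "tenant-b shell"),
    "https://10.0.0.11:10250/containerLogs/tenant-a/pod/main":
        Response(302, {"Location": "https://10.0.0.11:10250/containerLogs/tenant-a/pod/main-restarted"}),
    "https://10.0.0.11:10250/containerLogs/tenant-a/pod/main-restarted":
        Response(200, {}, "tenant-a logs"),
}


class RedirectRefused(Exception):
    """Raised when a Kubelet tries to redirect the proxy to a different host."""


def proxy_to_kubelet(url: str, validate_redirects: bool, max_hops: int = 3) -> str:
    """Follow a request the way the API server's proxy would.

    validate_redirects=False reproduces the pre-fix behaviour (any Location
    header is followed); True models the same-host check, which refuses a
    redirect whose hostname differs from the Kubelet originally addressed.
    """
    origin_host = urlsplit(url).hostname
    for _ in range(max_hops):
        resp = FAKE_NET[url]
        if resp.status != 302:
            return resp.body
        target = resp.headers["Location"]
        if validate_redirects and urlsplit(target).hostname != origin_host:
            raise RedirectRefused(f"{url} tried to redirect to {target}")
        url = target
    raise RuntimeError("too many redirects")


def is_refused(url: str) -> bool:
    """True when the hardened proxy refuses the redirect chain starting at url."""
    try:
        proxy_to_kubelet(url, validate_redirects=True)
    except RedirectRefused:
        return True
    return False


if __name__ == "__main__":
    exec_url = "https://10.0.0.11:10250/exec/tenant-a/pod/main"
    logs_url = "https://10.0.0.11:10250/containerLogs/tenant-a/pod/main"
    print("unvalidated:", proxy_to_kubelet(exec_url, validate_redirects=False))
    print("validated, cross-node:", "refused" if is_refused(exec_url) else "followed")
    print("validated, same host:", proxy_to_kubelet(logs_url, validate_redirects=True))
```

Without validation the proxy lands on tenant-b's Kubelet, which is exactly the cross-tenant hop the article describes; with the same-host check the cross-node redirect is refused while an ordinary same-host redirect still works.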

Influence of the Attack and fix

A malicious Azure user could compromise the multitenant Kubernetes clusters hosting ACI, including the cluster administrator role.

The threat actors could run commands in other customers' containers, exfiltrate code and private images deployed to the platform, or deploy crypto miners.

A sophisticated adversary would also study the detection tools protecting ACI in order to avoid getting caught.

How to secure ACI?

Cybersecurity analysts have also suggested some steps that will help users keep ACI secure.

They recommend withdrawing any privileged credentials that were extended to the platform before August 31st, 2021.

There are some common areas where configuration and code for container groups are defined, and these include the following:-

  • Environment Variables
  • Secret Volumes
  • Azure file share

Consult these security best-practice resources:-

  • Azure Container Instances Security Baseline
  • Azure Container Instances Security Considerations

Always keep yourself updated about security-related notifications like this one by configuring Azure Service Health Alerts.
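The recommendations above boil down to two checks: find every place a container group carries a credential (environment variables, secret volumes, Azure file shares) and rotate anything deployed before the August 31, 2021 cut-off. The following added example (not code from the article, Microsoft or Palo Alto Networks) runs both checks over a constructed inventory. The input shape is a simplified stand-in for the container-group definitions you would export from Azure, not the exact output of any Azure CLI command, and the `deployed_at` field is an assumption of this example.

```python
"""Added example: audit ACI container-group definitions for credential
locations and for credentials deployed before the 2021-08-31 cut-off.
The inventory below is constructed; the field names are a simplified
assumption, not Azure's exact schema."""
import re
from datetime import date

CUTOFF = date(2021, 8, 31)  # revoke privileged credentials deployed before this
SECRET_NAME = re.compile(r"(key|secret|password|passwd|token|connstr|connectionstring)", re.I)

# Constructed sample inventory: two container groups.
SAMPLE_GROUPS = [
    {"name": "billing-api", "deployed_at": "2021-06-02",
     "containers": [{"name": "api", "environmentVariables": [
         {"name": "DB_PASSWORD", "value": "hunter2"},          # plaintext secret
         {"name": "LOG_LEVEL", "value": "info"},               # harmless
         {"name": "API_TOKEN", "secureValue": "***"}]}],       # already secure
     "volumes": [{"name": "creds", "secret": {"cert.pem": "..."}}]},
    {"name": "static-site", "deployed_at": "2021-09-15",
     "containers": [{"name": "web", "environmentVariables": []}],
     "volumes": [{"name": "content", "azureFile": {"shareName": "site",
                                                    "storageAccountName": "stsite",
                                                    "storageAccountKey": "..."}}]},
]


def credential_locations(group):
    """Yield (kind, where) for every place a credential can live in the group."""
    for c in group.get("containers", []):
        for env in c.get("environmentVariables", []):
            if "secureValue" in env:
                yield "env-secure", f"{c['name']}:{env['name']}"
            elif SECRET_NAME.search(env["name"]):
                # A secret-looking name holding a plaintext value.
                yield "env-plaintext", f"{c['name']}:{env['name']}"
    for vol in group.get("volumes", []):
        if "secret" in vol:
            yield "secret-volume", vol["name"]
        if "azureFile" in vol:  # the file share is mounted with a storage key
            yield "azure-file", vol["name"]


def audit_group(group):
    """Return a list of findings for one container group."""
    findings = []
    locations = list(credential_locations(group))
    for kind, where in locations:
        if kind == "env-plaintext":
            findings.append({"group": group["name"], "where": where,
                             "action": "move to secureValue"})
    if locations and date.fromisoformat(group["deployed_at"]) < CUTOFF:
        for kind, where in locations:
            findings.append({"group": group["name"], "where": where,
                             "action": "rotate (deployed before 2021-08-31)"})
    return findings


def audit(groups):
    """Audit every group and return the combined findings."""
    return [f for g in groups for f in audit_group(g)]


if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print(f"{finding['group']:<12} {finding['where']:<20} {finding['action']}")
```

For the constructed inventory, billing-api gets one "move to secureValue" finding for DB_PASSWORD plus rotation findings for all three of its credential locations, while static-site, deployed after the cut-off and using only an Azure file share, produces none.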

Vulnerabilities of this kind are dangerous and have a huge impact on users, and Azurescape is proof of that.

Cloud providers invest heavily in securing their platforms, but it is also true that unknown zero-day vulnerabilities will continue to exist and put customers at risk.

Guru baran (https://gbhackers.com)
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
