Today is a special day for us at BinaryEdge. We are celebrating our graduation from the Cylon cybersecurity accelerator and with that we decided to release a new feature.
We're happy to announce a new module and data type on our platform: Kubernetes.
(The numbers shown in this blogpost are only a sample of the data. Please check the platform over the next few hours and days for more data while it is being imported.)
SaaS and Enterprise clients can now go into the portal and in the hosts tab use the following queries:
This query will show all Kubernetes clusters found, both those with authentication and those without.
But what if we want to take a look at just those that had no authentication at all?
type:kubernetes AND kubernetes.auth_required:false
With this query you can see the list of pods the cluster is hosting.
This module will now be used on four ports across the entire IPv4 space: 443, 6443, 8443, 8080.
As an enterprise client, you will see these on the realtime firehose, with the events containing a lot of information about the cluster. For more on this you can see the documentation here.
What if I want to find cryptominers?
Essentially, what we see is that multiple "miner" images are being loaded. One example of this is mentioned on this blogpost.
To look for this on the BinaryEdge platform:
type:kubernetes AND kubernetes.auth_required:false y1ee115
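To run the same kind of check against your own cluster's pod list, here is an added example (not BinaryEdge code) that scans a Kubernetes PodList for container images matching the indicators mentioned above. It assumes the input is the JSON produced by `kubectl get pods --all-namespaces -o json`; the sample pod list, image names and function names are constructed for illustration.

```python
import json

# Indicators taken from this post: "miner" image names and the y1ee115 search string.
INDICATORS = ("miner", "y1ee115")

# Constructed sample in the shape of a Kubernetes PodList
# (what `kubectl get pods --all-namespaces -o json` returns).
SAMPLE_PODLIST = json.dumps({
    "kind": "PodList",
    "items": [
        {"metadata": {"namespace": "default", "name": "web-7d4b9"},
         "spec": {"containers": [{"name": "nginx", "image": "nginx:1.25"}]}},
        {"metadata": {"namespace": "default", "name": "worker-x2k"},
         "spec": {"initContainers": [{"name": "init", "image": "busybox:1.36"}],
                  "containers": [{"name": "job",
                                  "image": "example.invalid/y1ee115/job:latest"}]}},
        {"metadata": {"namespace": "batch", "name": "calc-0"},
         "spec": {"containers": [{"name": "calc",
                                  "image": "example.invalid/tools/XMR-Miner:2"}]}},
    ],
})


def iter_images(pod_list):
    """Yield (namespace, pod, container, image) for every container in a PodList."""
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        spec = pod.get("spec", {})
        # Init and ephemeral containers can run workloads too, so check them as well.
        for key in ("initContainers", "containers", "ephemeralContainers"):
            for c in spec.get(key) or []:
                yield (meta.get("namespace", ""), meta.get("name", ""),
                       c.get("name", ""), c.get("image", ""))


def flag_suspicious(podlist_json, indicators=INDICATORS):
    """Return containers whose image reference contains an indicator (case-insensitive)."""
    findings = []
    for ns, pod, container, image in iter_images(json.loads(podlist_json)):
        hits = [i for i in indicators if i.lower() in image.lower()]
        if hits:
            findings.append({"namespace": ns, "pod": pod, "container": container,
                             "image": image, "matched": hits})
    return findings


if __name__ == "__main__":
    for f in flag_suspicious(SAMPLE_PODLIST):
        print("{namespace}/{pod} [{container}] {image} matched={matched}".format(**f))
```

A substring match like this will also flag legitimate images with "miner" in the name, so treat each hit as something to review rather than a confirmed infection.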
Out of all the technologies we have been looking into that we don't have modules for, Kubernetes is at the top in terms of growth of use. We've reported exposed clusters to multiple F100 companies, and we have seen clusters being infected with cryptomining bots.
What about the secrets?
For those of you that don't know, Kubernetes clusters have a part called "secrets". These are essentially where usernames, passwords and tokens get saved to be used by the pods. We've decided not to publish this data as it wouldn't help anyone improve their security. The data shown is enough for clients to identify their exposure and fix their systems.
We would like to thank Random Robbie for helping us in the creation of this module. He has been doing amazing work reporting Kubernetes clusters on bug bounty platforms to companies and was a huge asset when working alongside us on building this module.