Major Vulnerability Found In Open Source Dev Tool For Kubernetes, Experts Weigh In

A major vulnerability has been found in Argo CD, an open-source developer tool for Kubernetes. Cyber security experts react to the news below.

Marty Edwards, VP of OT security
InfoSec Expert
February 4, 2022 2:17 pm

The KP Snacks ransomware attack is yet another reminder of the need for strong security protocols as organizations’ IT and OT networks continue to converge. Most ransomware attacks exploit a lack of cyber hygiene, and threat actors are waiting to take advantage. Organizations must protect themselves by doing the basics well — beginning with having complete visibility into all assets, including Cloud, IT and OT.

Attackers leverage a variety of mechanisms including Active Directory misconfigurations or trust relationships as well as exploiting well-known vulnerabilities that should have been remediated. It is only a matter of time before these typically IT-oriented attacks begin to more dramatically impact OT systems directly and more organizations fall victim.

What organizations should learn from this incident is that basic security principles can go a long way. Without implementing these, any business can and should expect disrupted core functions like manufacturing, shipping and more.

Jamie Moles, Senior Technical Manager
InfoSec Expert
February 4, 2022 2:16 pm

Open source is incredibly important for innovating in tech but companies must understand the liabilities when using it. The creators of Argo CD will likely be distraught that their code is now potentially opening up sensitive data to cyber criminals and will be patching like hell to mitigate the problem. One of the biggest issues here is that Kubernetes is essential for cloud-native companies. As with Log4j, whenever a ubiquitous piece of code is attacked it makes huge swathes of the internet vulnerable to attack. However, luckily it is not Christmas time and there is no change freeze so companies are able to patch immediately. Those who have good security hygiene practices in place should be able to weather this storm. Monitoring your network for suspicious activity is an essential part of a security strategy, especially as this vulnerability gives access to other applications’ data outside of the user’s scope. Monitoring unusual behaviour in your network will pick up on this and alert businesses before the attack is able to develop into ransomware, for example.
