A major vulnerability has been found in Argo CD, an open-source developer tool for Kubernetes. Cyber security experts react to the news below.

Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.

The KP Snacks ransomware attack is yet another reminder of the need for strong security protocols as organizations’ IT and OT networks continue to converge. Most ransomware attacks exploit a lack of cyber hygiene, and threat actors are waiting to take advantage. Organizations must protect themselves by doing the basics well — beginning with having complete visibility into all assets, including Cloud, IT and OT.

Attackers leverage a variety of mechanisms including Active Directory misconfigurations or trust relationships as well as exploiting well-known vulnerabilities that should have been remediated. It is only a matter of time before these typically IT-oriented attacks begin to more dramatically impact OT systems directly and more organizations fall victim.

What organizations should learn from this incident is that basic security principles can go a long way. Without implementing these, any business can and should expect disrupted core functions like manufacturing, shipping and more.

Open source is incredibly important for innovating in tech but companies must understand the liabilities when using it. The creators of Argo CD will likely be distraught that their code is now potentially opening up sensitive data to cyber criminals and will be patching like hell to mitigate the problem. One of the biggest issues here is that Kubernetes is essential for cloud-native companies. As with Log4j, whenever a ubiquitous piece of code is attacked it makes huge swathes of the internet vulnerable to attack. However, luckily it is not Christmas time and there is no change freeze so companies are able to patch immediately. Those who have good security hygiene practices in place should be able to weather this storm. Monitoring your network for suspicious activity is an essential part of a security strategy, especially as this vulnerability gives access to other applications’ data outside of the user’s scope. Monitoring unusual behaviour in your network will pick up on this and alert businesses before the attack is able to develop into ransomware, for example.