Security News > 2021 > July > Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows

Kubernetes clusters are being attacked via misconfigured Argo Workflows instances, security researchers are warning.

Argo Workflows is an open-source, container-native workflow engine for orchestrating parallel jobs on Kubernetes - to speed up processing time for compute-intensive jobs like machine learning and big-data processing.

Malware operators are dropping cryptominers into the cloud via Argo thanks to some instances being publicly available via dashboards that don't require authentication for outside users, according to an analysis from Intezer.

Microsoft recently flagged a wave of miners infesting Kubernetes via the Kubeflow framework for running machine-learning workflows.

"Even if your cluster is deployed on a managed cloud Kubernetes service such as Amazon Web Service, EKS or Azure Kubernetes Service, the shared responsibility model still states that the cloud customer, not the cloud provider, is responsible for taking care of all necessary security configurations for the applications they deploy," researchers noted.

"Each year there is a steady increase in enterprises using Kubernetes and the number of clusters they deploy. With these challenges that enterprises face using containers and Kubernetes clusters, there has never been a greater opportunity for attackers to exploit weaknesses in securitythere is still always the possibility of misconfiguration or exploitation."

News URL

https://threatpost.com/kubernetes-cyberattacks-argo-workflows/167997/