How A Loophole Could Allow Attackers to Penetrate Thousands of GKE Clusters

Logo
Presented by

Roi Nisimi, Cloud Threat Researcher & Ofir Yakobi, Cloud Security Researcher at Orca Security

About this talk

A loophole in Google Kubernetes Engine (GKE) - dubbed ‘Sys:All’ - could allow an attacker with any Google account to take over a GKE cluster, potentially leading to serious security incidents such as cryptomining, denial of service, and sensitive data theft. The loophole stems from a likely widespread misconception that the system:authenticated group in GKE includes only verified and deterministic identities, whereas in fact, it includes any Google authenticated account (even outside the organization). This misunderstanding could then create a serious weakness when the system:authenticated group is assigned overly permissive roles. Learn from our speakers as they deep-dive into the details of the GKE loophole, provide the results of our initial reconnaissance research in the wild, and provide practical recommendations on how to make sure your organization is not vulnerable. In this webcast, we’ll cover: - What the ‘Sys:All’ GKE loophole is - How we managed to find thousands of vulnerable GKE clusters - How to protect against this loophole Learn more: https://orca.security/resources/blog/sys-all-google-kubernetes-engine-risk-example/ https://orca.security/resources/research-pod/sys-all-google-kubernetes-engine-risk/ Get a Demo of the Orca Security Platforn: https://orca.security/demo/
Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (98)
Subscribers (23617)
Orca Security is the industry-leading Cloud Security Platform that identifies, prioritizes, and remediates security risks and compliance issues across your cloud estate spanning AWS, Azure, Google Cloud and Kubernetes.