The Move to the Cloud
In recent years the move to the cloud has become near-universal, whether you run your software on a managed cluster, maintain your own deployment environment, or manage the complete infrastructure from top to bottom. Cloud deployments offer far better stability, scalability and manageability than traditional deployments, because large parts of the deployment process are automated and unified.
Risks of moving
Managing deployment infrastructure is itself a highly complex task in which many small mistakes can be made. Every additional layer you add to your deployments also enlarges your attack surface, whether you intend it to or not.
Configurations are often simply ported from pre-production, where they typically carry little to no security policy and grant the application far too many capabilities. A compromised application then becomes a dangerous pivot point from which an attacker can quickly reach other applications and cluster services. To make matters worse, application backups are often stored improperly and can be located and read from a compromised service.
Potential Attack Scenarios
For a penetration test it helps to consider several distinct attack vectors:
The most common approach is to attack a service or application running on the infrastructure. This combines web application and application testing as the first step. Once an application is compromised, it is used as an entry point to move through the cluster, commonly by probing other internal applications or by using the runtime interface available to the application (for example the orchestrator API reachable from inside the workload) to access other running services.
Another approach is to compromise a deployed piece of software directly, emulating the worst case and focusing on the security of the deployment itself, such as the capabilities granted to the application and the configuration of internal APIs.
A third vector uses exposed APIs to gain information about the internal structure of the environment or, in the worst case, to compromise systems directly. This is frequently the result of pre-production configurations that were negligently reused. Such attacks are especially dangerous because finding and carrying them out requires little time or knowledge.
The last category is the traditional attacks on the individual hosts of the cluster. Instead of the attack being limited to a single machine, a compromised cluster host allows easier movement to other machines because of the strongly interconnected nature of the environment.
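The overly permissive application capabilities mentioned under "Risks of moving" and again in the second attack vector can be checked mechanically before a pod ever reaches production. The following script is an added example, not code from the original page; it assumes the cluster is Kubernetes and audits pod manifests given as plain dicts (a parsed YAML file or the output of kubectl get pod -o json). Both pod manifests in it are constructed for illustration: one typical "ported from pre-production" pod and its hardened counterpart.

```python
"""Audit Kubernetes-style pod specs for settings that turn a compromised
container into a pivot point.  Added example, not the page's own code; it
assumes a Kubernetes cluster and works on plain dicts.  Both sample pods
below are constructed for illustration."""

from __future__ import annotations

from typing import Any

# Linux capabilities that let a process inside a container reach the host or
# other workloads (mount, ptrace, raw sockets, kernel modules, ...).
DANGEROUS_CAPS = {
    "ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "SYS_RAWIO",
    "NET_ADMIN", "NET_RAW", "DAC_READ_SEARCH", "DAC_OVERRIDE",
}


def audit_pod(pod: dict[str, Any]) -> list[str]:
    """Return one finding per permissive setting, empty if the pod is clean.
    Each finding starts with a stable check name so results can be grouped."""
    findings: list[str] = []
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    spec = pod.get("spec", {})

    # Pod-level settings: host namespaces, service-account token, host mounts.
    if spec.get("hostNetwork"):
        findings.append(f"hostNetwork: {name} shares the node's network namespace")
    if spec.get("hostPID"):
        findings.append(f"hostPID: {name} can see and ptrace every process on the node")
    if spec.get("automountServiceAccountToken", True):  # Kubernetes default is True
        findings.append(f"serviceAccountToken: {name} mounts a token usable against the cluster API")
    for vol in spec.get("volumes", []):
        host_path = vol.get("hostPath")
        if host_path:
            findings.append(f"hostPath: {name} mounts {host_path.get('path')} from the node")

    # Container-level settings; a container securityContext overrides the pod's.
    pod_sc = spec.get("securityContext") or {}
    for container in spec.get("containers", []):
        cname = f"{name}/{container.get('name', '<unnamed>')}"
        sc = {**pod_sc, **(container.get("securityContext") or {})}
        if sc.get("privileged"):
            findings.append(f"privileged: {cname} runs with all capabilities and device access")
        if sc.get("runAsNonRoot") is not True and sc.get("runAsUser", 0) == 0:
            findings.append(f"runAsRoot: {cname} runs as uid 0")
        if sc.get("allowPrivilegeEscalation", True):  # default is True
            findings.append(f"allowPrivilegeEscalation: {cname} may gain privileges via setuid binaries")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"writableRootfs: {cname} can modify its own image at runtime")
        added = set((sc.get("capabilities") or {}).get("add") or [])
        risky = sorted(added & DANGEROUS_CAPS)
        if risky:
            findings.append(f"capabilities: {cname} adds {', '.join(risky)}")
    return findings


# Constructed pre-production pod of the kind that gets copied into production.
DEV_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "billing-dev"},
    "spec": {
        "hostPID": True,
        "volumes": [{"name": "docker", "hostPath": {"path": "/var/run/docker.sock"}}],
        "containers": [{
            "name": "app", "image": "billing:dev",
            "securityContext": {"privileged": True,
                                "capabilities": {"add": ["SYS_ADMIN", "NET_RAW"]}},
        }],
    },
}

# Constructed hardened counterpart: no host access, no token, no root, no caps.
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "billing-prod"},
    "spec": {
        "automountServiceAccountToken": False,
        "containers": [{
            "name": "app", "image": "billing:1.4.2",
            "securityContext": {
                "runAsNonRoot": True, "runAsUser": 10001,
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
        }],
    },
}


if __name__ == "__main__":
    for pod in (DEV_POD, HARDENED_POD):
        result = audit_pod(pod)
        print(pod["metadata"]["name"], "->", f"{len(result)} finding(s)")
        for line in result:
            print("  ", line)
```

Run against the two constructed manifests, the dev pod produces eight findings (host PID namespace, mounted service-account token, Docker socket hostPath, privileged mode, root user, privilege escalation, writable root filesystem and the SYS_ADMIN/NET_RAW capabilities) while the hardened pod produces none. The checks are deliberately conservative: a missing field is treated as the Kubernetes default, which is why "nothing configured" already counts as a finding for the token mount, the user id and privilege escalation.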