Scenario #254
Security
K8s v1.22, Azure AKS

Rogue Container Executing Malicious Code

A container was compromised through a known, unpatched vulnerability; the attacker's code then escaped the container and gained access to the underlying node.

What Happened

A container running an outdated image with known vulnerabilities was exploited. The attacker used this vulnerability to gain access to the underlying node and execute malicious commands.

Diagnosis Steps
1. Conducted a forensic investigation and found that a container was running an outdated image with an unpatched, publicly known vulnerability.
2. Determined that the attacker used this vulnerability to escape the container and execute commands on the node.
Root Cause

Running containers with outdated or unpatched images introduced security vulnerabilities.

Fix/Workaround
• Updated the container images to the latest versions with security patches.
• Implemented automated image vulnerability scanning in the CI/CD pipeline so that outdated or vulnerable images are rejected before deployment.
Lessons Learned

Regularly update container images and scan for vulnerabilities to reduce the attack surface.

How to Avoid
1. Implement automated image scanning tools to identify vulnerabilities before deploying containers.
2. Enforce policies to only allow trusted and updated images to be used in production.
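The "trusted and updated images only" policy from the fix and the avoidance steps above, as an added example that is not part of this scenario or of AKS: the core check an admission webhook would run on a Pod spec, rejecting images that are not from an allow-listed registry, that use a mutable tag, or that are not pinned by digest. The registry names and the sample manifest are constructed placeholders.

```python
"""Admission-style image policy check for a Kubernetes Pod spec (illustrative, not K8s/AKS code)."""
import re

# Assumption: placeholder registries the organisation trusts (e.g. its own ACR).
TRUSTED_REGISTRIES = ("myregistry.azurecr.io", "registry.example.internal")

# registry/repo[:tag][@sha256:<64 hex>]; an image with no registry part does not match.
_IMAGE_RE = re.compile(
    r"^(?P<registry>[^/]+)/(?P<repo>[^:@]+)(?::(?P<tag>[^@]+))?(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)


def parse_image(ref):
    """Split an image reference into registry, repo, tag and digest, or None if unparsable."""
    m = _IMAGE_RE.match(ref)
    return m.groupdict() if m else None


def check_image(ref, require_digest=True):
    """Return the list of policy violations for one image reference (empty list = allowed)."""
    parts = parse_image(ref)
    if parts is None:
        return [f"{ref}: cannot parse image reference or no explicit registry"]
    violations = []
    if parts["registry"] not in TRUSTED_REGISTRIES:
        violations.append(f"{ref}: registry {parts['registry']} is not trusted")
    # A missing or 'latest' tag can silently drift to an unscanned build.
    if parts["tag"] in (None, "latest") and parts["digest"] is None:
        violations.append(f"{ref}: mutable tag (missing or 'latest'), scan result cannot be tied to it")
    if require_digest and parts["digest"] is None:
        violations.append(f"{ref}: not pinned by digest")
    return violations


def check_pod(pod, require_digest=True):
    """Walk initContainers and containers of a Pod manifest (dict) and collect all violations."""
    spec = pod.get("spec", {})
    violations = []
    for field in ("initContainers", "containers"):
        for container in spec.get(field, []):
            violations.extend(check_image(container.get("image", ""), require_digest))
    return violations


# Constructed sample manifest: one compliant image, one floating tag, one untrusted registry.
SAMPLE_POD = {"spec": {
    "initContainers": [{"name": "init", "image": "busybox:latest"}],
    "containers": [
        {"name": "web", "image": "myregistry.azurecr.io/shop/web:1.4.2@sha256:" + "a" * 64},
        {"name": "sidecar", "image": "docker.io/library/nginx:1.21"},
    ],
}}

if __name__ == "__main__":
    for v in check_pod(SAMPLE_POD):
        print("DENY:", v)
```

In a real webhook the same function would back a deny response on CREATE/UPDATE of Pods; the digest requirement is what lets the CI scan result be matched to exactly the bytes that run on the node.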