Azure Container Instances (ACI) is Azure's Container-as-a-Service (CaaS) offering, enabling customers to run containers on Azure without managing the underlying servers. Unit 42 researchers recently identified and disclosed critical security issues in ACI to Microsoft. A malicious Azure user could have exploited these issues to execute code on other users' containers, steal customer secrets and images deployed to the platform, and possibly abuse ACI's infrastructure for cryptomining. Researchers named the vulnerability Azurescape – the first cross-account container takeover in the public cloud.

Azurescape allowed malicious users to compromise the multitenant Kubernetes clusters hosting ACI, establishing full control over other users' containers. This post covers the research process, presents an analysis of the issue and suggests best practices for securing Kubernetes, with a focus on multitenancy, that could help prevent similar attacks.

Microsoft patched ACI shortly after our disclosure. Unit 42 has no knowledge of Azurescape exploited in the wild. As a precautionary measure, if you run containers on ACI, we recommend revoking any privileged credentials that were deployed to the platform before Aug. 31, 2021, and checking their access logs for irregularities.

For a high-level overview of Azurescape, please refer to our corporate blog, “What You Need to Know About Azurescape.”

Background on Azure Container Instances

Azure Container Instances (ACI) was released in July 2017 and was the first Container-as-a-Service (CaaS) offering by a major cloud provider. With ACI, customers can deploy containers to Azure without managing the underlying infrastructure. ACI takes care of scaling, request routing and scheduling, providing a serverless experience for containers.

Azure’s website described ACI by saying, "Develop apps fast without managing virtual machines or having to learn new tools – it's just your application, in a container, running in the cloud."

Internally, ACI is built on multitenant clusters that host customer containers. Originally those were Kubernetes clusters, but over the past year, Microsoft started hosting ACI on Service Fabric Clusters as well. The issues presented here affect ACI on Kubernetes, and the rest of the post will only reference that architecture. According to our tests, in which we deployed several thousand containers to the platform, at the time of disclosure Kubernetes hosted around 37% of newly created containers in ACI.

[Figure: ACI hosted on multitenant Kubernetes clusters]

In multitenant environments like ACI, you need to enforce a strong boundary between tenants. In ACI, that boundary is the node virtual machine. Each customer container runs in a Kubernetes pod on a dedicated, single-tenant node. This Kubernetes multitenancy approach is often called node-per-tenant.

Azurescape Attack Scenario

ACI is built to defend against malicious neighbors. Since practically anyone can deploy a container to the platform, ACI must ensure that malicious containers cannot disrupt, leak information, execute code or otherwise affect other customers' containers. These are often called cross-account or cross-tenant attacks.

The following sections cover our research into cross-account attacks in ACI.
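As an added illustration of the node-per-tenant boundary described above (example code, not from the Unit 42 post or from Microsoft), the check below audits a pod listing for nodes that host more than one tenant. It assumes a hypothetical `tenant` pod label identifies the customer and that pods in `kube-system` are infrastructure rather than tenants; the input mirrors the shape of `kubectl get pods -A -o json` and is constructed inline so it runs offline.

```python
"""Audit a Kubernetes pod listing for violations of the node-per-tenant
boundary: any node VM hosting pods from two tenants is a broken boundary.

Constructed example, not Unit 42 or Microsoft code. Assumes a hypothetical
`tenant` pod label and that kube-system pods are infrastructure (skipped).
"""
from collections import defaultdict

INFRA_NAMESPACES = {"kube-system"}  # assumption: infrastructure pods, not tenants


def tenant_of(pod):
    """Return the tenant a pod belongs to, or None for infrastructure pods."""
    meta = pod["metadata"]
    if meta.get("namespace") in INFRA_NAMESPACES:
        return None
    return meta.get("labels", {}).get("tenant")


def tenants_per_node(pod_list):
    """Map node name -> set of tenants scheduled on it (unscheduled pods ignored)."""
    by_node = defaultdict(set)
    for pod in pod_list["items"]:
        node = pod.get("spec", {}).get("nodeName")
        tenant = tenant_of(pod)
        if node and tenant:
            by_node[node].add(tenant)
    return dict(by_node)


def shared_nodes(pod_list):
    """Nodes hosting more than one tenant, each with the tenants that share it."""
    return {n: sorted(t) for n, t in tenants_per_node(pod_list).items() if len(t) > 1}


def pod(name, ns, node, tenant=None):
    """Build a minimal pod object for the constructed sample below."""
    labels = {"tenant": tenant} if tenant else {}
    return {"metadata": {"name": name, "namespace": ns, "labels": labels},
            "spec": {"nodeName": node}}


# Constructed sample: node-b hosts pods from two tenants, which the check flags.
SAMPLE_PODS = {"items": [
    pod("web-1", "caas-a", "node-a", "tenant-a"),
    pod("web-2", "caas-a", "node-a", "tenant-a"),
    pod("api-1", "caas-b", "node-b", "tenant-b"),
    pod("job-1", "caas-c", "node-b", "tenant-c"),
    pod("kube-proxy-x", "kube-system", "node-b"),   # infrastructure, ignored
    pod("pending-1", "caas-d", None, "tenant-d"),    # not yet scheduled, ignored
]}

if __name__ == "__main__":
    for node, tenants in shared_nodes(SAMPLE_PODS).items():
        print(f"{node}: tenants {tenants} share one node")
```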