Ransomware-in-a-box: Why containers are a cybersecurity risk
With the creation, storage, and use of data continuing to accelerate dramatically, security vulnerabilities and risks to data integrity are also escalating across the board. The trends are alarming, with one recent study from IDC -- looking at the requirements for ransomware and disaster recovery preparation -- revealing that in 2022, almost 80 percent of organizations surveyed had activated a disaster response. What’s more, 83 percent had experienced data corruption, and most worrying of all, almost two-thirds said that a ransomware attack had resulted in unrecoverable data.
Indeed, there is currently no application type that can be considered to be completely safe from ransomware. Among the wide range of possibilities this situation creates are the risks posed to organizations that are refactoring their applications for Kubernetes. Refactoring is an increasingly popular approach to application deployment, whereby apps are broken down into a range of services that can subsequently be operated independently. One of the key benefits this offers is that the application’s underlying hardware is used more efficiently, while each service can also be scaled as required without impacting other services and resources.
Despite the fact that Kubernetes and containers represent a popular and proven approach to the delivery of high-performance software infrastructure, those adopting the technology often quickly realize that the data protection and security concerns associated with refactoring can pose a significant challenge.
To give these issues some context, IDC also found that currently, most containerized applications are refactored from legacy code and, as a result, are already operational on bare metal servers or virtual machines. The refactoring process is not without its complications -- a common obstacle being the need to modify existing elements of the application to support containerization. In particular, the perceived benefits of containerization can be difficult to realize, with organizations adopting containers expecting to see improved security, but finding out that this is one of the most challenging objectives to achieve.
These issues have the potential to impact security in a variety of ways. For example, Pods are essential components of Kubernetes deployments, and their role is to host the containers for each application process. Each Pod has an IP address and can communicate with another Pod directly. The recommended method, however, is to use Services, which are sets of Pods accessible through a single, fixed DNS name or IP address. Most applications on Kubernetes rely on Services for communication, potentially exposing access to the Pod or causing networking issues within the cluster due to frequent restarts. As such, this can offer a point of entry to bad actors.
One of the other main causes of concern comes from the risks associated with supply chain attacks. Because containerized applications are designed for automation, particularly when updating code, some Kubernetes deployments may continually pull the latest image of an application without verifying updates or checking for potential vulnerabilities, adding to the risk profile of organizations using the technology.
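As an added illustration that is not part of the original article, the following audit flags workloads whose container images can change between restarts because they use a floating tag or are re-pulled on every start rather than being pinned by digest. The input is a constructed sample in the shape of `kubectl get deployments -o json`; the registry name, workloads and digest are hypothetical.

```python
# Constructed sample in the shape of `kubectl get deployments -o json` (trimmed).
REG = "registry.example.internal:5000"   # hypothetical private registry
SAMPLE = {"items": [
    {"metadata": {"name": "web"}, "spec": {"template": {"spec": {"containers": [
        {"name": "proxy", "image": "nginx"},
        {"name": "api", "image": REG + "/shop/api:1.4.2", "imagePullPolicy": "Always"},
    ]}}}},
    {"metadata": {"name": "worker"}, "spec": {"template": {"spec": {
        "initContainers": [{"name": "migrate", "image": REG + "/shop/migrate"}],
        "containers": [
            # Constructed digest, for illustration only.
            {"name": "jobs", "image": REG + "/shop/worker@sha256:" + "0" * 64},
            {"name": "cache", "image": REG + "/shop/cache:7.2"},
        ]}}}},
]}


def classify_image(ref):
    """Return 'digest', 'floating' (':latest' or no tag) or 'tag'."""
    if "@sha256:" in ref:
        return "digest"
    last = ref.rsplit("/", 1)[-1]          # ignore the ':' of a registry port
    tag = last.split(":", 1)[1] if ":" in last else ""
    return "floating" if tag in ("", "latest") else "tag"


def audit(doc):
    """List (workload, container, finding) for images that can change unverified."""
    findings = []
    for item in doc.get("items", [doc]):
        pod = item["spec"]["template"]["spec"]
        for c in pod.get("initContainers", []) + pod.get("containers", []):
            kind = classify_image(c["image"])
            if kind == "digest":
                continue                   # content-addressed: same bytes every pull
            # Kubernetes defaults the pull policy to Always for ':latest' or no tag.
            policy = c.get("imagePullPolicy") or (
                "Always" if kind == "floating" else "IfNotPresent")
            if kind == "floating" or policy == "Always":
                finding = f"{kind} reference, imagePullPolicy {policy}"
                findings.append((item["metadata"]["name"], c["name"], finding))
    return findings


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

A fixed tag with `IfNotPresent` is not reported here because a node reuses its cached copy, but the tag is still mutable in the registry, so only the digest-pinned reference guarantees identical content on a fresh node.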
Exacerbating these problems is the current shortage of skills and knowledge amongst teams working on the design and roll-out of container-based production applications. Any application that is deployed without data protection and cybersecurity being integrated into development workflows is likely to be more susceptible to ransomware attacks.
Protection without compromise
To help mitigate the risk and impact that attacks can have on container infrastructure, organizations need to start by identifying which applications should be refactored and how the associated data should be integrated. With this as a foundation, security and recovery technologies can also be considered at an early stage of the overall process. In particular, those responsible for refactoring applications should specifically address the top container security risks by either working with native features or seeking integrations with a data protection solution that helps address their concerns.
In this way, containerized applications can be more effectively protected against ransomware, malware and a range of other security risks that are likely to disrupt repatriation, i.e., their ability to revert to how the application was running before any given security incident.
To deliver holistic protection, organizations should think carefully about their choice of data protection technologies. For example, implementing a native solution can ensure data protection is also addressed as a foundational element of a container-centric strategy. By relying on this approach, development and security teams can have confidence in their ability to deliver the highest levels of protection and resilience, while at the same time, ensuring stakeholders are benefiting from the inherent performance and agility that is driving rapid adoption of these innovative technologies.
Anthony Dutra is Technical Marketing Engineer at Zerto, a Hewlett Packard Enterprise company.