Microsoft annouces ATT&CK-inspired matrix for Kubernetes

Recently, the security industry is very popular to use ATT&CK framework to design knowledge base framework or threat modeling. Recently, Microsoft also released an open-source cloud orchestration framework Kubernetes attack matrix.

Microsoft hopes to use this matrix to help organizations identify gaps in defense capabilities against various security threats to Kubernetes because Kubernetes has grown into one of the world’s most popular open-source systems for managing containerized applications.

Microsoft pointed out that the Kubernetes attack matrix was inspired by the Mitre ATT&CK framework. The framework is a publicly accessible public knowledge base that anyone in the security industry can use to make threat modeling.

Yossi Weizman, a security research software engineer at the Microsoft Azure Security Center said:

“While Kubernetes has many advantages, it also brings new security challenges that should be considered. Therefore, it is crucial to understand the various security risks that exist in containerized environments, and specifically in Kubernetes.”

Microsoft’s Kubernetes attack matrix covers nine main attack strategy steps:

• Initial access
• Execution
• Persistence
• Privilege escalation
• Defense evasion
• Credential access
• Discovery
• Lateral movement
• Impact

Each step in these strategies includes multiple techniques that attackers can use to achieve different goals.