Compromised image in registry
Info
ID: MS-TA9002
Tactic: Initial Access
MITRE technique: T1195.002, T1525
Running a compromised image in a cluster can compromise the cluster. Attackers who gain access to a private registry can plant their own compromised images in it, and a user can then pull those images. In addition, users often run untrusted images from public registries (such as Docker Hub), and those images may be malicious.
Mitigations
ID | Mitigation | Description |
---|---|---|
MS-M9004 | Secure CI/CD environment | Placing gates in the CI/CD process can block pushing unsecured code to container images. |
MS-M9005 | Image Assurance Policy | Ensure that only images that passed the security compliance policies are pushed to registries and deployed to Kubernetes clusters. |
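One way to express an image assurance check of the kind MS-M9005 describes, as an added example that is not part of the original page or of any Microsoft tooling: it audits a parsed Pod manifest and flags images that come from outside an allowlisted registry or are not pinned by digest. The registry name `registry.example.internal`, the two policy rules and the sample manifest are assumptions made for illustration.

```python
import re

# Assumption: the trusted registry host and both policy rules below are
# illustrative choices for this example, not values taken from the page.
TRUSTED_REGISTRIES = {"registry.example.internal"}
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

def registry_of(image):
    """Return the registry host of an image reference. By Docker convention,
    a first path component without '.' or ':' (and not 'localhost') is a
    repository on docker.io, so 'busybox' and 'library/nginx' map there."""
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def check_image(image):
    """Return the list of policy violations for one image reference."""
    problems = []
    reg = registry_of(image)
    if reg not in TRUSTED_REGISTRIES:
        problems.append(f"{image}: registry {reg} is not trusted")
    if not DIGEST_RE.search(image):
        problems.append(f"{image}: not pinned by sha256 digest")
    return problems

def check_pod(pod):
    """Check every container kind in a Pod manifest parsed into a dict."""
    spec = pod.get("spec", {})
    problems = []
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(kind) or []:
            problems += check_image(c.get("image", ""))
    return problems

# Constructed sample manifest (not a real workload or a real digest).
GOOD = "registry.example.internal/team/api@sha256:" + "a" * 64
SAMPLE_POD = {"spec": {
    "initContainers": [{"name": "init", "image": "busybox"}],
    "containers": [
        {"name": "api", "image": GOOD},
        {"name": "side", "image": "registry.example.internal/team/side:1.4"},
    ],
}}

if __name__ == "__main__":
    for p in check_pod(SAMPLE_POD):
        print("DENY", p)
```

Pinning by digest means a tag that is re-pushed in the registry cannot change what the cluster pulls. The check validates only the form of the reference; whether that digest passed the compliance policy still has to be recorded by the CI/CD gate.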