Kubernetes CronJob
Info
ID: MS-TA9014
Tactic: Persistence
MITRE technique: T1053.007
A Kubernetes Job is a controller that creates one or more pods and ensures that a specified number of them terminate successfully. Jobs can be used to run containers that perform finite tasks for batch jobs. A Kubernetes CronJob is used to schedule Jobs. Attackers may use a Kubernetes CronJob to schedule execution of malicious code that would run as a container in the cluster.
Mitigations
ID | Mitigation | Description |
---|---|---|
MS-M9005.003 | Gate images deployed to Kubernetes cluster | Restrict deployment of new containers to images from a trusted supply chain. |
MS-M9003 | Adhere to least-privilege principle | Prevent unnecessary users and service accounts from creating new CronJobs. |
MS-M9013 | Restrict over permissive containers | Check the CronJob pod template for sensitive mounts and excessive permissions. |
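
The pod-template and image checks from the mitigations above can be run over CronJob manifests. This is an added example, not code from the threat matrix. The `TRUSTED_REGISTRIES` value and the sample manifests are constructed assumptions, with the sample shaped like the output of `kubectl get cronjobs -A -o json`.

```python
import json

# Assumption: registries this cluster treats as its trusted supply chain.
TRUSTED_REGISTRIES = ("registry.example.internal/",)

# Constructed sample shaped like `kubectl get cronjobs -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "batch", "name": "nightly-report"},
  "spec": {"schedule": "0 2 * * *", "jobTemplate": {"spec": {"template": {"spec": {
   "containers": [{"name": "report", "image": "registry.example.internal/report:1.4"}]
  }}}}}},
 {"metadata": {"namespace": "default", "name": "sync"},
  "spec": {"schedule": "*/5 * * * *", "jobTemplate": {"spec": {"template": {"spec": {
   "hostPID": true,
   "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
   "containers": [{"name": "sync", "image": "docker.io/library/busybox:latest",
                   "securityContext": {"privileged": true}}]
  }}}}}}
]}
""")

def audit_cronjob(cj):
    """Return findings for one CronJob's pod template."""
    pod = cj["spec"]["jobTemplate"]["spec"]["template"]["spec"]
    # Host namespace sharing set at pod level.
    findings = [f"{flag} enabled" for flag in ("hostNetwork", "hostPID", "hostIPC") if pod.get(flag)]
    # Sensitive mounts: any hostPath volume exposes the node filesystem.
    findings += [f"hostPath mount {v['hostPath'].get('path')}"
                 for v in pod.get("volumes") or [] if "hostPath" in v]
    for c in (pod.get("containers") or []) + (pod.get("initContainers") or []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"container {c['name']} is privileged")
        added = (sc.get("capabilities") or {}).get("add")
        if added:
            findings.append(f"container {c['name']} adds capabilities {added}")
        if not c["image"].startswith(TRUSTED_REGISTRIES):
            findings.append(f"container {c['name']} image {c['image']} outside trusted registries")
    return findings

def audit(cronjob_list):
    """Map 'namespace/name' to its findings, omitting clean CronJobs."""
    report = {}
    for cj in cronjob_list.get("items", []):
        found = audit_cronjob(cj)
        if found:
            report[f"{cj['metadata']['namespace']}/{cj['metadata']['name']}"] = found
    return report

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```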