This post is also available in: 日本語 (Japanese)
The Unit 42 Threat Intelligence team has identified the first known vulnerability that could enable one user of a public cloud service to break out of their environment and execute code on environments belonging to other users in the same public cloud service. This unprecedented cross-account takeover affected Microsoft's Azure Container-as-a-Service (CaaS) platform. Researchers named the finding Azurescape because the attack started from a container escape – a technique that enables privilege escalation out of container environments.
Microsoft took swift action to fix the underlying issues as soon as we reported them to the Microsoft Security Response Center (MSRC). We’re not aware of any Azurescape attacks in the wild, but it is possible that a malicious user of the Azure Container Instances (ACI) platform could have exploited the vulnerability to execute code on other customers' containers, without any prior access to their environment.
Azurescape allows an ACI user to gain administrative privileges over an entire cluster of containers. From there, the user could take over the impacted multitenant clusters to execute malicious code, steal data or sabotage the underlying infrastructure of other customers. The attacker could gain complete control over Azure’s servers that host containers of other customers, accessing all data and secrets stored in those environments.
Public clouds operate on a concept known as multitenancy. Cloud service providers build environments that host multiple organizations (or “tenants”) on a single platform, providing secure access to each while leveraging unprecedented economies of scale by building massive cloud infrastructures.
While cloud providers invest heavily in securing these multitenant platforms, it's long been seen as inevitable that unknown “zero-day” vulnerabilities could exist and put customers at risk of attack from other instances within the same cloud infrastructure.
This discovery highlights the need for cloud users to take a “defense-in-depth” approach to securing their cloud infrastructure that includes continuous monitoring for threats – inside and outside the cloud platform. Discovery of Azurescape also underscores the need for cloud service providers to provide adequate access for outside researchers to study their environments, searching for unknown threats.
As part of the commitment of Palo Alto Networks to advancing public cloud security, we actively invest in research that includes advanced threat modeling and vulnerability testing of public cloud platforms and related technologies.
We'd like to recognize Microsoft for setting a great example for other vendors through its industry-leading program for working with outside researchers, which puts security first and allows external penetration testing across Azure. Cooperative security research is vital for advancing and protecting the ongoing development of cloud services that spur innovation. We'd also like to thank MSRC for presenting us with bounty awards.
For a deep dive into how we discovered Azurescape, we encourage you to read the full report on the Unit 42 blog, “Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances.” Here are a few quick facts on how Azurescape works and what to do if you are affected:
We have no knowledge of Azurescape being exploited in the wild. It’s possible the vulnerability existed from ACI's inception, so there is a chance that some organizations were affected. Azurescape also affected ACI containers in Azure Virtual Networks.
ACI is built on multitenant clusters that host customer containers. Originally those were Kubernetes clusters, but over the past year Microsoft started hosting ACI on Service Fabric clusters as well. Azurescape only affects ACI on top of Kubernetes. We don't know of a way to check whether a past ACI container ran on top of Kuberntetes. If you have an existing container, you can run the following command to check whether it runs on top of Kubernetes:
az container exec -n <container-name> --exec-command "hostname"
If the output starts with wk-caas and the container started running before Aug. 31, 2021, it could have been attacked by Azuresape.
If you have privileged credentials deployed to the platform, we recommend rotating them and checking their access logs for suspicious activity.
A cloud native security platform such as Prisma Cloud can provide visibility into this type of activity and alert where appropriate.
Azurescape is a three-step attack. First, the attacker must break out of their ACI container. Second, they gain administrative privileges over a multitenant Kubernetes cluster. Third, they can take control of impacted containers by executing malicious code.
Our research started with WhoC, a container image that uncovers the underlying container runtime of cloud platforms. Through WhoC, we discovered it was possible to escape ACI containers through CVE-2019-5736, a two-year-old vulnerability in runC. We were then able to identify two different methods to gain code execution on the cluster's brain, the api-server.
With code execution on the api-server, we had complete control over the multitenant cluster. We could execute code on customer containers, exfiltrate customer secrets deployed to ACI and possibly even abuse the platform infrastructure for cryptomining.
The rapid acceleration of the shift to the cloud that has occurred in the past few years has made these platforms a prized target for malicious actors. While we’ve long been focused on identifying new cloud threats, discovery of the first cross-account container takeover underscores the importance of that effort. Sophisticated attackers may not be satisfied with targeting end users, and may expand their campaigns to the platforms themself to increase impact and reach.
Cloud users are encouraged to adopt a "defense-in-depth" approach to cloud security to ensure breaches are contained and detected, whether the threat is from the outside or from the platform itself. A combination of shift-left security and runtime protection and anomaly detection presents the best chance of combating similar cross-account attacks.
The best way to prevent attacks on any cloud environment is to implement a comprehensive cloud native security platform such as Prisma Cloud, which is able to detect and mitigate malicious behavior as well as identify vulnerabilities in cloud environments. Learn how Prisma Cloud can secure infrastructure, applications and data across hybrid and multicloud environments.
To learn more about Azurescape, join a webinar with Ariel Zelivansky and Yuval Avrahami, “Azurescape: What to Know About the Microsoft ACI Vulnerability.”