T1611 Escape to Host
Adversaries may break out of a container to gain access to the underlying host. This can allow an adversary access to other containerized resources from the host level or to the host itself. In principle, containerized resources should provide a clear separation of application functionality and be isolated from the host environment.1
There are multiple ways an adversary may escape to a host environment. Examples include creating a container configured to mount the host’s filesystem using the bind parameter, which allows the adversary to drop payloads and execute control utilities such as cron on the host, or utilizing a privileged container to run commands on the underlying host.234 Adversaries may also escape via Exploitation for Privilege Escalation, such as exploiting vulnerabilities in global symbolic links in order to access the root directory of a host machine.5
Gaining access to the host may provide the adversary with the opportunity to achieve follow-on objectives, such as establishing persistence, moving laterally within the environment, or setting up a command and control channel on the host.
| Item | Value |
|---|---|
| ID | T1611 |
| Sub-techniques | |
| Tactics | TA0004 |
| Platforms | Containers, Linux, Windows |
| Permissions required | Administrator, User, root |
| Version | 1.2 |
| Created | 30 March 2021 |
| Last Modified | 01 April 2022 |
Procedure Examples
| ID | Name | Description |
|---|---|---|
| S0600 | Doki | Doki’s container was configured to bind the host root directory.4 |
| S0601 | Hildegard | Hildegard has used the BOtB tool that can break out of containers. 9 |
| S0683 | Peirates | Peirates can gain a reverse shell on a host node by mounting the Kubernetes hostPath.7 |
| S0623 | Siloscape | Siloscape maps the host’s C drive to the container by creating a global symbolic link to the host through the calling of NtSetInformationSymbolicLink.8 |
| G0139 | TeamTNT | TeamTNT has deployed privileged containers that mount the filesystem of victim machine.1011 |
Mitigations
| ID | Mitigation | Description |
|---|---|---|
| M1048 | Application Isolation and Sandboxing | Consider utilizing seccomp, seccomp-bpf, or a similar solution that restricts certain system calls such as mount. In Kubernetes environments, consider defining a Pod Security Policy that limits container access to host process namespaces, the host network, and the host file system.6 |
| M1038 | Execution Prevention | Use read-only containers, read-only file systems, and minimal images when possible to prevent the running of commands.6 |
| M1026 | Privileged Account Management | Ensure containers are not running as root by default. In Kubernetes environments, consider defining a Pod Security Policy that prevents pods from running privileged containers.6 |
Detection
| ID | Data Source | Data Component |
|---|---|---|
| DS0032 | Container | Container Creation |
| DS0009 | Process | OS API Execution |
| DS0034 | Volume | Volume Modification |
References
-
Docker. (n.d.). Docker Overview. Retrieved March 30, 2021. ↩
-
Docker. (n.d.). Use Bind Mounts. Retrieved March 30, 2021. ↩
-
Fiser, D., Oliveira, A.. (2019, December 20). Why a Privileged Container in Docker is a Bad Idea. Retrieved March 30, 2021. ↩
-
Fishbein, N., Kajiloti, M.. (2020, July 28). Watch Your Containers: Doki Infecting Docker Servers in the Cloud. Retrieved March 30, 2021. ↩↩
-
Daniel Prizmant. (2020, July 15). Windows Server Containers Are Open, and Here’s How You Can Break Out. Retrieved October 1, 2021. ↩
-
National Security Agency, Cybersecurity and Infrastructure Security Agency. (2022, March). Kubernetes Hardening Guide. Retrieved April 1, 2022. ↩↩↩
-
InGuardians. (2022, January 5). Peirates GitHub. Retrieved February 8, 2022. ↩
-
Prizmant, D. (2021, June 7). Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments. Retrieved June 9, 2021. ↩
-
Chen, J. et al. (2021, February 3). Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes. Retrieved April 5, 2021. ↩
-
Fishbein, N. (2020, September 8). Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks. Retrieved September 22, 2021. ↩
-
Kol, Roi. Morag, A. (2020, August 25). Deep Analysis of TeamTNT Techniques Using Container Images to Attack. Retrieved September 22, 2021. ↩
-
FBI. (2020, November 19). Indicators of Compromise Associated with Ragnar Locker Ransomware. Retrieved April 1, 2021. ↩