WithSecure Repository: Threat Intelligence

Permissive Container Policy

This technique is an extension of the MITRE ATT&CK matrix and represents an attacker abusing overly permissive container policies.


Malicious actors can exploit containers running in cloud environments by targeting misconfigurations, vulnerabilities in container images, and inadequate isolation between containers. For instance, attackers may exploit improperly configured container settings, such as exposed ports or excessive privileges, to gain unauthorized access. They can also leverage vulnerabilities in outdated or insecure container images to infiltrate the environment. Once inside, attackers might attempt container breakouts to interact with the host system, potentially compromising the entire infrastructure.


Mitigation: Ensure the principle of least privilege is applied to all components of the container service. The same principle should also be applied to any policies which assist in the creation of containers. Underlying hosts should be carefully monitored and any unnecessary access should be removed. Regularly audit and update container configurations to avoid misconfigurations and vulnerabilities. Implement robust access controls to prevent unauthorized access and isolate containers using network policies.
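As an added example of the audit the mitigation calls for (this is not WithSecure's code and not part of the original entry), the script below checks a Kubernetes Pod manifest for the permissive settings named above: host namespace sharing, host path mounts, privileged mode and added capabilities, root execution, writable root filesystems, host-bound ports and unpinned images. The two manifests at the bottom are constructed for illustration, one permissive and one hardened; the field names follow the Kubernetes Pod API (v1), so the same checks apply to manifests loaded from YAML with a library such as PyYAML.

```python
"""Audit a Kubernetes Pod manifest for overly permissive settings.

Added example, not WithSecure's code. The two Pod manifests at the bottom
are constructed for illustration; field names follow the Kubernetes Pod
API (v1) so the checks also apply to manifests loaded from YAML.
"""
from typing import Any, Dict, List

# Linux capabilities that amount to host-level control when added to a container.
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_MODULE", "DAC_READ_SEARCH"}


def _image_is_pinned(image: str) -> bool:
    """True if the image is pinned by digest or by a tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]        # drop registry/namespace, including registry ports
    if ":" not in last:
        return False                        # no tag at all means an implicit 'latest'
    return last.rsplit(":", 1)[-1] != "latest"


def audit_pod(pod: Dict[str, Any]) -> List[str]:
    """Return one finding per setting that violates least privilege; [] if clean."""
    findings: List[str] = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})

    # Sharing host namespaces removes the isolation between container and host.
    for ns in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(ns):
            findings.append(f"pod shares {ns} with the host")

    # hostPath volumes expose the host filesystem (often the container runtime socket).
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(f"volume '{vol['name']}' mounts host path {vol['hostPath'].get('path')}")

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        if not _image_is_pinned(c.get("image", "")):
            findings.append(f"container '{name}' uses an unpinned image: {c.get('image')}")
        if sc.get("privileged"):
            findings.append(f"container '{name}' runs privileged")
        added = set(sc.get("capabilities", {}).get("add", [])) & DANGEROUS_CAPS
        if added:
            findings.append(f"container '{name}' adds dangerous capabilities: {sorted(added)}")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"container '{name}' does not disable allowPrivilegeEscalation")
        # A container-level runAsNonRoot overrides the pod-level value.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append(f"container '{name}' may run as root (runAsNonRoot not enforced)")
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"container '{name}' has a writable root filesystem")
        for port in c.get("ports", []):
            if port.get("hostPort"):
                findings.append(f"container '{name}' binds host port {port['hostPort']}")
    return findings


# Constructed manifest: a build agent given far more than it needs.
PERMISSIVE_POD: Dict[str, Any] = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "build-agent"},
    "spec": {
        "hostPID": True,
        "volumes": [{"name": "docker", "hostPath": {"path": "/var/run/docker.sock"}}],
        "containers": [{
            "name": "agent", "image": "example.internal/agent:latest",
            "securityContext": {"privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}},
            "ports": [{"containerPort": 8080, "hostPort": 8080}],
            "volumeMounts": [{"name": "docker", "mountPath": "/var/run/docker.sock"}],
        }],
    },
}

# Constructed manifest: the same workload with least privilege applied.
HARDENED_POD: Dict[str, Any] = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "build-agent"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "volumes": [{"name": "work", "emptyDir": {}}],
        "containers": [{
            "name": "agent", "image": "example.internal/agent:1.4.2",
            "securityContext": {"allowPrivilegeEscalation": False,
                                "readOnlyRootFilesystem": True,
                                "capabilities": {"drop": ["ALL"]}},
            "ports": [{"containerPort": 8080}],
            "volumeMounts": [{"name": "work", "mountPath": "/work"}],
        }],
    },
}

if __name__ == "__main__":
    for label, pod in (("permissive", PERMISSIVE_POD), ("hardened", HARDENED_POD)):
        print(f"{label}: {len(audit_pod(pod))} finding(s)")
        for line in audit_pod(pod):
            print("  -", line)
```

Running the script reports nine findings for the permissive manifest and none for the hardened one. The same function can be run over every manifest in a repository or wired into a CI step so that a pull request which reintroduces `privileged: true` or a `hostPath` mount fails before it reaches the cluster; in-cluster, an admission controller enforcing the equivalent rules (for example the Kubernetes Pod Security Standards) closes the gap for workloads created outside the pipeline.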



ID: WITH-9
Domain: withsecure-attack-extension
Version: 1.0