A new shopping cart K8s deployment relying on third-party APIs was left open to the internet, where attackers used a machine identity to enter the company’s application internals and initiate a lateral attack. With instance scaling, new IP addresses were dynamically assigned and the hard-coded network-layer rules no longer worked. This breach in the shopping cart instance allowed the attacker to hop through the recommendation service and payment service instances, eventually stealing customer PII stored in their AWS S3 bucket.
Only Operant is able to stop this kind of lateral attack because Operant understands all of the live application traffic flow across every layer of the application and has the ability to enforce security policies within your environment: