StrongDM Policy Playbook:
Permit Connections to Production Kubernetes Clusters
This policy allows connections to production Kubernetes clusters with MFA.
Why It Matters?
A common technique during an attack is to use stolen credentials to find areas where an attacker can elevate their privilege. The goal is to obtain access to compute resources in order to establish a command and control (C2) channel, move laterally, or execute malicious actions such as deploying malware or back doors.
What Exactly Does This Policy Do?
This policy helps contain attacks and persistent threats by enforcing an MFA prompt for privileged users before they are allowed to connect to production Kubernetes resources. This requirement ensures that users must prove their identity, helping to prevent unauthorized access and reduce the risk of compromise from stolen credentials.