Security News > 2020 > June > Kubernetes Falls to Cryptomining via Machine-Learning Framework

Kubernetes Falls to Cryptomining via Machine-Learning Framework
2020-06-11 18:42

The Kubeflow open-source project is a popular framework for running machine-learning tasks in Kubernetes.

Because Kubeflow is a containerized service, these various tasks run as containers in the Kubernetes cluster, and each can present a path for an attacker into the core Kubernetes architecture.

"The framework is divided into different namespaces [containers], which are a collection of Kubeflow services. Those namespaces are translated into Kubernetes namespaces in which the resources are deployed."

In the case of the April cryptomining campaign, Microsoft observed attackers using an exposed Kubeflow dashboard for gaining initial access to the cluster.

While this is the first known attack to use Kubeflow as an initial pathway into Kubernetes clusters, containerization technology is no stranger to cryptomining offensives.


News URL

https://threatpost.com/kubernetes-cryptomining-machine-learning-framework/156481/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kubernetes 19 5 45 34 8 92