Kubernetes Falls to Cryptomining via Machine-Learning Framework

2020-06-11 18:42

The Kubeflow open-source project is a popular framework for running machine-learning tasks in Kubernetes.

Because Kubeflow is a containerized service, these various tasks run as containers in the Kubernetes cluster, and each can present a path for an attacker into the core Kubernetes architecture.

"The framework is divided into different namespaces [containers], which are a collection of Kubeflow services. Those namespaces are translated into Kubernetes namespaces in which the resources are deployed."

In the case of the April cryptomining campaign, Microsoft observed attackers using an exposed Kubeflow dashboard for gaining initial access to the cluster.

While this is the first known attack to use Kubeflow as an initial pathway into Kubernetes clusters, containerization technology is no stranger to cryptomining offensives.

News URL

https://threatpost.com/kubernetes-cryptomining-machine-learning-framework/156481/

#cryptomining #framework #kubernetes #machinelearning

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Kubernetes		18	12	49	23	5	89

News URL

Related news

Related vendor