Security News > 2020 > June > Microsoft Identifies Attack Targeting Kubeflow Environments

The observed attack, Microsoft reveals, was aimed at mining cryptocurrency on Kubernetes clusters, which is not surprising given that nodes used for ML tasks are often relatively powerful and in some cases include GPUs.
"By exposing the Service to the Internet, users can access the dashboard directly. However, this operation enables insecure access to the Kubeflow dashboard, which allows anyone to perform operations in Kubeflow, including deploying new containers in the cluster," Microsoft explains.
Once access to the dashboard is available, the attacker can deploy a backdoor container in the cluster using various methods, such as the creation of a Jupyter notebook server, or the deployment of a malicious container from an existing Jupyter notebook.
Since Kubeflow is a containerized service, meaning that tasks run as containers in the cluster, an attacker would only need to gain access to Kubeflow to run a malicious image.
"The attacker used an exposed dashboard for gaining initial access to the cluster. The execution and persistence in the cluster were performed by a container that was deployed in the cluster. The attacker managed to move laterally and deploy the container using the mounted service account. Finally, the attacker impacted the cluster by running a cryptocurrency miner," Microsoft notes.