Security News > 2021 > June > Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances

Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers.

"The burst of deployments on the various clusters was simultaneous. This indicates that the attackers scanned those clusters in advance and maintained a list of potential targets, which were later attacked on the same time," Microsoft's Senior Security Research Engineer Yossi Weizman said in a report.

The intrusions also echo similar attacks observed by Microsoft Azure Security Center last April that abused Internet-exposed Kubeflow dashboards to deploy a backdoor container for a crypto-mining operation.

"As part of the attacking flow, the attackers also deployed [a] reconnaissance container that queries information about the environment such as GPU and CPU information, as preparation for the mining activity," Weizman said.

The development comes days after Palo Alto Networks' Unit 42 threat intelligence team disclosed a brand new form of malware called Siloscope designed to compromise Kubernetes clusters through Windows containers.

Microsoft has also published a threat matrix for Kubernetes to better understand the attack surface of containerized environments and assist organizations in identifying current gaps in their defenses to secure against threats targeting Kubernetes.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/dhqyoGbKN48/crypto-mining-attacks-targeting.html