Microsoft: Big Cryptomining Attacks Hit Kubeflow (Security News, June 2021)
Microsoft has spotted a new, widespread, ongoing attack targeting Kubernetes clusters running Kubeflow instances, in order to plant malicious TensorFlow pods that are used to mine for cryptocurrency.
The newly discovered attack is similar to a cryptocurrency mining attack that Microsoft reported last June.
The latest campaign adds some tweaks: as Weizman described it, this time around the attackers abused their access to the Kubeflow centralized dashboard to create a new pipeline.
"While cryptomining campaigns can seem innocuous, they put excess strain on cloud resources, inflict additional cloud and utility costs on attacked parties, shorten the lifespan of IT devices and cause unnecessary business disruption," he told Threatpost via email on Thursday.
"If an attacker can launch a cryptomining campaign on an organization's infrastructure, it's likely that they can launch ransomware as well or gain access to data, intellectual property, personnel files and other at-risk assets that can damage a business if breached," he continued.
What's more concerning still is that for the most part, the data security capabilities built into Kubernetes "meet bare minimum standards - data at rest protection, and data in motion. There's no persistent protection of data itself, for example, using industry-accepted techniques like field-level tokenization. So if an ecosystem is compromised for cryptomining and compute exploitation, it's only a matter of time before the sensitive data being processed by it succumbs to a more insidious attack. In the last 12 months Kubernetes vulnerabilities related to privilege escalation, firewall gaps, and remote code execution in Kubernetes tools certainly show it's vulnerable."
News URL
https://threatpost.com/microsoft-cryptomining-kubeflow/166777/