
Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL
2023-01-09 21:16

The Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL containers.

"Recently, we identified a widespread campaign of Kinsing that targeted vulnerable versions of WebLogic servers," reads a report by Microsoft security researcher Sunders Bruskin.

Attacking PostgreSQL

The second initial attack pathway that Microsoft's security experts observed was an uptick in the targeting of misconfigured PostgreSQL servers.

Even if the IP access configuration is strict, Microsoft says Kubernetes is still prone to ARP poisoning, so attackers could spoof apps in the cluster to gain access.

Finally, Microsoft says Defender for Cloud can detect permissive settings and misconfigurations on PostgreSQL containers and help administrators mitigate the risks before hackers leverage them.
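
What a check for the permissive settings mentioned above can look like, as an added example (not code from Microsoft, Defender for Cloud or the article): it audits a `pg_hba.conf`, PostgreSQL's client-authentication file, for `trust` authentication and broad source ranges. Treating those two conditions as the "permissive settings", the `audit_pg_hba` name, the 256-address threshold and the sample file are all assumptions made here.

```python
import ipaddress
# Constructed sample pg_hba.conf for illustration (not from the article).
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER    ADDRESS        METHOD
local   all       postgres               peer
host    all       all     0.0.0.0/0      trust
host    all       all     ::/0           md5
host    app       app_rw  10.0.0.0/8     trust
host    app       app_rw  10.42.3.17/32  scram-sha-256
hostssl all       all     all            password
host    all       all     192.168.0.0 255.255.0.0 trust
"""

def _is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False

def audit_pg_hba(text, max_hosts=256):
    """Return [(line_no, [reasons])] for network rules that look permissive."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if len(f) < 5 or not f[0].startswith("host"):
            continue  # blank, comment or local-socket rule
        addr = f[3]
        # Older form puts the netmask in its own column: host db user IP MASK method
        mask = f[4] if len(f) > 5 and _is_ip(f[4]) else None
        method = f[5] if mask else f[4]
        reasons = []
        if method == "trust":
            reasons.append("trust auth: no credential required")
        if addr == "all":
            reasons.append("any source address")
        else:
            try:
                net = ipaddress.ip_network(f"{addr}/{mask}" if mask else addr, strict=False)
                if net.num_addresses > max_hosts:
                    reasons.append(f"wide range {net}")
            except ValueError:
                pass  # hostname, samehost or samenet: not sized here
        if reasons:
            findings.append((no, reasons))
    return findings
if __name__ == "__main__":
    for no, reasons in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"line {no}: " + "; ".join(reasons))
```

A rule that is both `trust` and open to a wide range is the combination to fix first; the single-host `scram-sha-256` rule in the sample is the shape the other rules should be narrowed toward.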

For PostgreSQL admins whose servers become infected with Kinsing, BigBinary's Sreeram Venkitesh wrote an article on how the malware infected their device and how they finally removed it.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-kubernetes-clusters-hacked-in-malware-campaign-via-postgresql/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Postgresql 5 6 76 41 10 133
Kubernetes 19 12 49 24 6 91