Security News > 2023 > October > Jupyter Notebooks targeted by cryptojackers

Cryptojackers are targeting exposed Jupyter Notebooks to install cryptominers and steal credential files for popular cloud services, researchers have uncovered.

"Jupyter is a service that allows you to host individual snippets of code and lets others execute this code in an isolated environment. A Jupyter Notebook refers to an instance of the Jupyter web application," Matt Muir, Threat Research Lead at Cado Security, told Help Net Security.

Jupyter Notebooks can be deployed by organizations on-premises or remote servers, but are also commonly deployed in cloud environments as managed services.

The researchers shared YARA rules and indicators of compromise, and advised users with Jupyter Notebook deployments to review the security of the Jupyter servers themselves, and to pay particular attention to firewall and security group configurations.

"Contemporary versions of Jupyter include token-based authentication which is enabled by default. You can also opt to secure the server with a password. We'd recommend taking a defense-in-depth approach and adding additional networking security measures, such as firewalling and building an IP allowlist," says Muir.

"If an attack succeeded in compromising the underlying infrastructure upon which the Jupyter Notebook is running, the cloud provider would need to remediate that."

News URL

https://www.helpnetsecurity.com/2023/10/18/jupyter-notebooks-cryptojackers/