Microsoft discovers cryptomining gang hijacking ML-focused Kubernetes clusters

kubeflow.png

Microsoft has published a report today detailing a never-before-seen series of attacks against Kubeflow, a toolkit for running machine learning (ML) operations on top of Kubernetes clusters.

The attacks have been going on since April this year, and Microsoft says its end-goal has been to install a cryptocurrency miner on Kubernetes clusters running Kubeflow instances exposed to the internet.

According to Yossi Weizman, a security researcher with Microsoft’s Azure Security Center, the company has detected these types of attacks against “tens of Kubernetes clusters” running Kubeflow.

But while the number of hijacked clusters is small in comparison to previous Kubernetes attacks, the profits for crooks and the financial losses to server owners are most likely much higher than other attacks seen before.

“Nodes that are used for ML tasks are often relatively powerful, and in some cases include GPUs,” Weizman explained.

“This fact makes Kubernetes clusters that are used for ML tasks a perfect target for crypto mining campaigns, which was the aim of this attack.”

Attacks began in April this year

Microsoft says it’s been tracking these attacks since April when it first saw them get underway and documented the first attack wave, before crooks expanded their focus from general-purpose Kubernetes instances to ML-focused clusters running Kubeflow.

As it learned more from its investigation into the early attacks, Microsoft now says it believes the most likely point of entry for the attacks are misconfigured Kubeflow instances.

In a report today, Microsoft said that Kubeflow admins most likely changed the Kubeflow default settings and exposed the toolkit’s admin panel on the internet. By default, the Kubeflow management panel is exposed only internally and accessible from inside the Kubernetes cluster.

misconfigured-kubeflow.png

misconfigured-kubeflow.png

Kubernetes threat matrix for the atacks on Kubeflow instances

Image: Microsoft

Weizman said that since April, a cryptomining gang has been scanning for these dashboards, accessing the internet-exposed admin panels, and deploying new server images to Kubeflow clusters, with these images focused on running XMRig, a Monero cryptocurrency mining application.

How to detect hacked Kubeflows

In case server administrators may want to investigate their clusters for any hacked Kubeflow instances, Weizman provided the following steps.

  • Verify that the malicious container is not deployed in the cluster. The following command can help you to check it:

kubectl get pods –all-namespaces -o jsonpath=”{.items[*].spec.containers[*].image}”  | grep -i ddsfdfsaadfs 

  • In case Kubeflow is deployed in the cluster, make sure that its dashboard isn’t exposed to the internet: check the type of the Istio ingress service by the following command and make sure that it is not a load balancer with a public IP:

kubectl get service istio-ingressgateway -n istio-system

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews



Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

Millions in Cryptocurrency Stolen by Scammers in the Last Month According to Tenable Research
November 24, 2021
Behind The Scenes: How this Crypto Community Responded to + $50m Hack
October 18, 2021
Crypto Scams
Crypto Scams Still Persistent In 2021, SEC Warns About Red Flags To Watch
September 9, 2021
Poly Network
Here’s How Hackers Stole Over $600 million in the Poly Network Attack
August 12, 2021
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021

Blockchain/Cryptocurrency Questions and Answers

Crypto casinos
How Does Bitcoin Casino Work + 2021 Beginner’s Guide
November 8, 2021
Cryptocurrency
How to Buy and Sell Cryptocurrency
November 8, 2021
What Are Bitcoin Futures And How Will They Work In 2022?
November 4, 2021
Ethereum
The Unconventional Guide to Ethereum
October 28, 2021
ICo Presale
The Science Behind ICO Presales…
October 14, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin54,970 1.95 % 0.02 % 8.51 %
Ethereum4,124.7 2.53 % 0.14 % 7.02 %
Binance Coin591.99 2.04 % 3.47 % 2.24 %
Tether0.9986 0.03 % 0.08 % 0.23 %
Solana189.15 2.66 % 3.89 % 13.36 %
Cardano1.480 2.62 % 5.47 % 23.04 %
XRP0.9278 2.55 % 3.35 % 15.68 %
USD Coin1.000 0.14 % 0.20 % 0.17 %
Polkadot30.87 2.19 % 17.29 % 10.73 %
Dogecoin0.2215 0.68 % 1.42 % 7.23 %

bitcoin
Bitcoin (BTC) $ 54,718.00
ethereum
Ethereum (ETH) $ 4,102.84
binance-coin
Binance Coin (BNB) $ 593.47
tether
Tether (USDT) $ 1.01
solana
Solana (SOL) $ 188.17
cardano
Cardano (ADA) $ 1.48
xrp
XRP (XRP) $ 0.922238
usd-coin
USD Coin (USDC) $ 1.00
polkadot
Polkadot (DOT) $ 33.53
dogecoin
Dogecoin (DOGE) $ 0.1981