Friday, March 5, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Machine Learning

Crypto-Jackers Target Exposed Kubernetes Workloads

June 13, 2020
in Machine Learning
Crypto-Jackers Target Exposed Kubernetes Workloads
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

via Shutterstock

You might also like

Machine intelligence – Spy agencies have high hopes for AI | Science & technology

AI and machine learning’s moment in health care

Could Privacy-Preserving, Machine-Learning Tools Recover Private Data? [STUDY]

As the Kubernetes cluster orchestrator moves deeper into enterprise infrastructure, cyber criminals continue to probe for weaknesses, frequently targeting application container image repositories.

The latest onslaught involves misconfigured Kubeflow machine learning clusters running in the Microsoft Azure cloud. The company said crypto-currency miners succeeded in deploying a malicious Kubeflow image via an exposed Kubernetes dashboard. It then spread from a single public repository to “tens” of Kubernetes clusters. The image was found to contain crypto-jacking malware used to mine a virtual currency known as XMRIG.

The security threat aimed at the Kubernetes machine learning toolkit was disclosed this week by Microsoft’s Azure Security Center. Once inside, a “backdoor” container wormed its way through the cluster, established itself as a legitimate “container service account” and began hijacking computing resources to mine cryptocurrency.

Kubeflow nodes, widely used to run TensorFlow machine learning tasks on Kubernetes, are proving attractive to crypto-jackers given their substantial processing power often augmented by GPUs. “This fact makes Kubernetes clusters that are used for [machine learning] tasks a perfect target for crypto-mining campaigns, which was the aim of this attack,” Yossi Weizman, a Microsoft Azure security software engineer, noted in a blog post disclosing the threat.

Microsoft said it has previously detected multiple campaigns against Kubernetes clusters running on Azure. The access point was often services exposed to the Internet. “This is the first time that we have identified an attack that targets Kubeflow environments specifically,” Weizman noted.

With misconfigured Kubeflow workloads documented as a security threat, Microsoft said security teams should verify that malicious containers are not deployed in a cluster. Another step is insuring Kubernetes dashboards aren’t exposed to the Internet via, for example, a public Internet Protocol.

The cloud vendor (NASDAQ: MSFT) also recommends tightening authentication and access controls for machine learning and other applications. As with previous exploits against Kubernetes, IT teams are urged to use only trusted container images while scanning others for vulnerabilities before deploying in production.

Still, security vendors said the hijacking of cloud computing resources to mine for cryptocurrency will persist as long as the practice remains profitable. Hence, it’s worth the risk. The Azure exploit is similar to earlier backdoor attacks on Docker Hub images, experts said. The computing horsepower of Kubernetes clusters accelerated by GPUs to run machine learning workloads makes them inviting targets for crypto-jackers, said Wei Lien Dang, co-founder and chief strategy officer at StackRox.

“Organizations must take specific steps to ensure they’re protecting their container and Kubernetes assets across build, deploy and runtime,” Dang added.

Protecting Kubernetes assets remains a challenge because public repositories like Docker Hub are thought to contain many malicious container images. “There needs to be broader awareness that any image out there could be embedded with code used to attack Kubernetes,” said Tsvi Korren, CTO at cloud native protection vendor Aqua Security.

“The only way to defend against that is for organizations to have policies that require both static scanning and dynamic analysis of the images that they accept,” Korren added.

Related

Tags:
crypto-currency mining,crypto-jacking worm,cryptocurrency,cybersecurity,Docker Hub,image repository,Kubeflow,Kubernetes,Machine Learning,Microsoft Azure,TensorFlow,XMRIG

About the author: George Leopold

George Leopold has written about science and technology for more than 30 years, focusing on electronics and aerospace technology. He previously served as executive editor of Electronic Engineering Times. Leopold is the author of “Calculated Risk: The Supersonic Life and Times of Gus Grissom” (Purdue University Press, 2016).

Credit: Google News

Previous Post

What are the applications of AI in the fashion industry?

Next Post

Dow Jones Rally Deflates as Kudlow’s Fox News Pump Falls Flat

Related Posts

Machine intelligence – Spy agencies have high hopes for AI | Science & technology
Machine Learning

Machine intelligence – Spy agencies have high hopes for AI | Science & technology

March 5, 2021
AI and machine learning’s moment in health care
Machine Learning

AI and machine learning’s moment in health care

March 4, 2021
Could Privacy-Preserving, Machine-Learning Tools Recover Private Data? [STUDY]
Machine Learning

Could Privacy-Preserving, Machine-Learning Tools Recover Private Data? [STUDY]

March 4, 2021
Machine learning: is there a limit to technological patents in Brazil?
Machine Learning

The use of artificial intelligence in life sciences and the protection of the IP rights

March 4, 2021
AWS launches webinar for marketers looking to maximise their machine learning strategy
Machine Learning

AWS launches webinar for marketers looking to maximise their machine learning strategy

March 4, 2021
Next Post
Dow Jones Rally Deflates as Kudlow’s Fox News Pump Falls Flat

Dow Jones Rally Deflates as Kudlow’s Fox News Pump Falls Flat

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Singapore Airlines frequent flyer members hit in third-party data security breach
Internet Security

Singapore Airlines frequent flyer members hit in third-party data security breach

March 5, 2021
CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws
Internet Privacy

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws

March 5, 2021
Generation Z: How post-millennial young people are engaging with blockchain
Blockchain

Generation Z: How post-millennial young people are engaging with blockchain

March 5, 2021
Machine intelligence – Spy agencies have high hopes for AI | Science & technology
Machine Learning

Machine intelligence – Spy agencies have high hopes for AI | Science & technology

March 5, 2021
8 concepts you must know in the field of Artificial Intelligence | by Diana Diaz Castro | Feb, 2021
Neural Networks

8 concepts you must know in the field of Artificial Intelligence | by Diana Diaz Castro | Feb, 2021

March 5, 2021
A Quick Guide to Understanding YouTube Ads [Infographic]
Marketing Technology

A Quick Guide to Understanding YouTube Ads [Infographic]

March 5, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Singapore Airlines frequent flyer members hit in third-party data security breach March 5, 2021
  • CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws March 5, 2021
  • Generation Z: How post-millennial young people are engaging with blockchain March 5, 2021
  • Machine intelligence – Spy agencies have high hopes for AI | Science & technology March 5, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates