Thursday, February 25, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Microsoft discovers cryptomining gang hijacking ML-focused Kubernetes clusters

June 11, 2020
in Internet Security
Microsoft discovers cryptomining gang hijacking ML-focused Kubernetes clusters
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Microsoft has published a report today detailing a never-before-seen series of attacks against Kubeflow, a toolkit for running machine learning (ML) operations on top of Kubernetes clusters.

The attacks have been going on since April this year, and Microsoft says its end-goal has been to install a cryptocurrency miner on Kubernetes clusters running Kubeflow instances exposed to the internet.

You might also like

More than 6,700 VMware servers exposed online and vulnerable to major new bug

Google funds Linux kernel developers to work exclusively on security

Want to pass on your old PCs to good causes? Here’s how to do it while staying secure

According to Yossi Weizman, a security researcher with Microsoft’s Azure Security Center, the company has detected these types of attacks against “tens of Kubernetes clusters” running Kubeflow.

But while the number of hijacked clusters is small in comparison to previous Kubernetes attacks, the profits for crooks and the financial losses to server owners are most likely much higher than other attacks seen before.

“Nodes that are used for ML tasks are often relatively powerful, and in some cases include GPUs,” Weizman explained.

“This fact makes Kubernetes clusters that are used for ML tasks a perfect target for crypto mining campaigns, which was the aim of this attack.”

Attacks began in April this year

Microsoft says it’s been tracking these attacks since April when it first saw them get underway and documented the first attack wave, before crooks expanded their focus from general-purpose Kubernetes instances to ML-focused clusters running Kubeflow.

As it learned more from its investigation into the early attacks, Microsoft now says it believes the most likely point of entry for the attacks are misconfigured Kubeflow instances.

In a report today, Microsoft said that Kubeflow admins most likely changed the Kubeflow default settings and exposed the toolkit’s admin panel on the internet. By default, the Kubeflow management panel is exposed only internally and accessible from inside the Kubernetes cluster.

misconfigured-kubeflow.png

Kubernetes threat matrix for the atacks on Kubeflow instances


Image: Microsoft

Weizman said that since April, a cryptomining gang has been scanning for these dashboards, accessing the internet-exposed admin panels, and deploying new server images to Kubeflow clusters, with these images focused on running XMRig, a Monero cryptocurrency mining application.

How to detect hacked Kubeflows

In case server administrators may want to investigate their clusters for any hacked Kubeflow instances, Weizman provided the following steps.

  • Verify that the malicious container is not deployed in the cluster. The following command can help you to check it:

kubectl get pods –all-namespaces -o jsonpath=”{.items[*].spec.containers[*].image}”  | grep -i ddsfdfsaadfs 

  • In case Kubeflow is deployed in the cluster, make sure that its dashboard isn’t exposed to the internet: check the type of the Istio ingress service by the following command and make sure that it is not a load balancer with a public IP:

kubectl get service istio-ingressgateway -n istio-system

Credit: Zdnet

Previous Post

Don’t Tempt Rockstar Into Re-Releasing a $70 Third-Gen GTA V

Next Post

Panasonic i-PRO Offers IDguard Automated Identity Redaction Solution | Security News

Related Posts

More than 6,700 VMware servers exposed online and vulnerable to major new bug
Internet Security

More than 6,700 VMware servers exposed online and vulnerable to major new bug

February 25, 2021
Google funds Linux kernel developers to work exclusively on security
Internet Security

Google funds Linux kernel developers to work exclusively on security

February 25, 2021
Want to pass on your old PCs to good causes? Here’s how to do it while staying secure
Internet Security

Want to pass on your old PCs to good causes? Here’s how to do it while staying secure

February 24, 2021
Red Hat closes StackRox Kubernetes security acquisition
Internet Security

Red Hat closes StackRox Kubernetes security acquisition

February 24, 2021
COVID pandemic causes spike in cyberattacks against hospitals, medical companies
Internet Security

COVID pandemic causes spike in cyberattacks against hospitals, medical companies

February 24, 2021
Next Post
Panasonic i-PRO Offers IDguard Automated Identity Redaction Solution | Security News

Panasonic i-PRO Offers IDguard Automated Identity Redaction Solution | Security News

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

More than 6,700 VMware servers exposed online and vulnerable to major new bug
Internet Security

More than 6,700 VMware servers exposed online and vulnerable to major new bug

February 25, 2021
Everything You Need to Know About Evolving Threat of Ransomware
Internet Privacy

Everything You Need to Know About Evolving Threat of Ransomware

February 25, 2021
Machine learning speeding up patent classifications at USPTO
Machine Learning

Machine learning speeding up patent classifications at USPTO

February 25, 2021
How to Make Data Annotation More Efficient? | by ByteBridge | Feb, 2021
Neural Networks

How to Make Data Annotation More Efficient? | by ByteBridge | Feb, 2021

February 25, 2021
How to Nail Virtual and Digital Communication
Marketing Technology

How to Nail Virtual and Digital Communication

February 25, 2021
Google funds Linux kernel developers to work exclusively on security
Internet Security

Google funds Linux kernel developers to work exclusively on security

February 25, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • More than 6,700 VMware servers exposed online and vulnerable to major new bug February 25, 2021
  • Everything You Need to Know About Evolving Threat of Ransomware February 25, 2021
  • Machine learning speeding up patent classifications at USPTO February 25, 2021
  • How to Make Data Annotation More Efficient? | by ByteBridge | Feb, 2021 February 25, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates