Skip to main content

Kubernetes Clusters Used to Mine Monero by Attackers

kubernetes

Attackers are abusing an attack vector present in one of the most popular execution engines (Argo Workflows) to repurpose Kubernetes systems to mine cryptocurrencies. The attack exploits a vulnerability in the system of permissions of Argo Workflows machines connected to the internet, deploying malicious workflows that install Monero-based containers.

Attackers Leveraging Argo Workflows for Crypto Mining

A group of attackers discovered a new attack vector that uses a vulnerability in the permission system of Argo Workflows, one of the most used execution engines for Kubernetes, to install cryptocurrency mining modules in machines connected to the internet. This vulnerability means that every instance of Kubernetes, one of the most used cloud computing systems, could be used to mine Monero if it is paired with Argo Workflows.

A report from Intezer, a cybersecurity firm, informs they have already identified infected nodes and others vulnerable to this attack. The unprotected nodes allow any user to ping them and insert their own workflows into the system. This means anyone can use the resources in a vulnerable system and direct them to any task.

Luckily for attackers, there are several Monero-based cryptocurrency mining containers that can be leveraged easily to start mining Monero using these Kubernetes machines. Most of them are derived from kannix/monero-miner, but there are more than 45 other containers available to use. This is why security experts are anticipating large-scale attacks involving this vulnerability.

Cloud Computing Vulnerability

This is just one of the recent attack vectors compromising cloud computing platforms and being used to enable cryptocurrency mining. Just last month, Microsoft informed of a similar attack that also targeted Kubernetes clusters with Kubeflow machine learning (ML) instances. Attackers use the vulnerable nodes to mine monero and also ethereum using Ethminer.

Attacks to this kind of platform started gaining traction back in April 2020, when Microsoft reported an instance that caused tens of thousands of infections in just two hours. These attacks have also prompted companies to switch their policies to avoid abuse. This is the case of Docker, which had to put limits to the free tier of its product because attackers were using its autobuild function to deploy cryptocurrency miners in its free servers.

What do you think about these attacks targeting Kubernetes nodes? Tell us in the comments section below.



from Bitcoin News https://ift.tt/2WkF8KO
Labels:

Comments

Post a Comment

Popular posts from this blog

Mt Gox Creditors Updated, Trustee Says Rehabilitation Custodian Is ‘Currently Preparing to Make Repayments’

On August 31, 2022, the Mt Gox trustee Nobuaki Kobayashi explained in a recent letter that the rehabilitation custodian is “currently preparing to make repayments” to Mt Gox creditors. Trustee Updates Mt Gox Creditors — Repayment Date and Exchange Still Unknown Last week speculation and rumors concerning the release of 140K bitcoin ( BTC ) from Mt Gox littered social media platforms and headlines. Bitcoin.com News covered the situation six days ago as a number of people and Mt Gox creditors called the rumors “ fake news .” During that same period of time, a bitcoin whale transferred 10,000 BTC to unknown wallets, and a 2018 annotation , heuristics, and clustering methods show the funds likely originated from the June 2011 Mt Gox hacks. Following the mysterious whale transfer, last Wednesday, Mt Gox published an official update from the court trustee Nobuaki Kobayashi that explains the court is “currently preparing to make repayments” to creditors. Mt Gox creditors have been wait...
Post a Comment
Read more

International Crypto Exchange Luno Adds Bitcoin Cash Trading

Luno exchange has added bitcoin cash trading to the platform following feedback from its client base. BCH is now only the third cryptocurrency available for trading on the exchange, in addition to BTC and ETH , but more options could be on the way once Luno determines that they are credible enough. Also Read: Bitflyer Adds Bitcoin Cash Trading Across Europe and the US Luno Adds Bitcoin Cash Trading Luno, the London-headquartered company formerly known as Bitx, recently announced that bitcoin cash was made available on its cryptocurrency exchange. Starting from Monday, September 23, customers at Luno are now able to store, buy and sell BCH on the platform. The reason given for adding BCH to the exchange is feedback from users in developing markets that convinced Luno to expand their offering from previously just BTC and ETH . Marcus Swanepoel, CEO of Luno, said , “We are in a new and exciting financial era. Developing economies are leading the large-scale adoption and appli...
Post a Comment
Read more

DefiDollar Listing on AscendEX

PRESS RELEASE. AscendEX, formerly BitMax, an industry-leading digital asset trading platform built by Wall Street quant trading veterans, has announced the listing of the DefiDollar Token (DFD) under the pair USDT/DFD on Apr 29 at 1:00 p.m. UTC. DefiDollar is a DeFi lab that aims to bring mass adoption to DeFi with a wide-ranging product suite. The first product offering to go live will be the stablecoin index – DUSD, with ibBTC and optionCoin currently in development. DefiDollar (DUSD) aspires to be a risk-insured stablecoin layer for DeFi. It is designed to provide a safe and stable way for users to hold their assets with DUSD being optimized for peg safety, yield, and diversification. DefiDollar uses DeFi primitives to stay close to the dollar mark. DUSD provides an avenue for diversifying stablecoin holdings to hedge against an event where the underlying stablecoins like Tether or DAI deviate from their peg. DUSD is collateralized by Curve Finance LP tokens. DFD is the n...
Post a Comment
Read more