Skip to main content

Cryptocurrency mining attack against Kubernetes clusters

Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers are using ransomware-like tactics and poisoned websites to get your employees’ computers to mine cryptocurrencies. Several vendors in recent days have reported a huge surge in illegal crypto-mining activity involving millions of hijacked computers worldwide.

Kubernetes have been phenomenal in improving developer productivity. With lightweight portable containers, packaging and running application code is effortless. However, while developers and applications can benefit from them, many organizations have knowledge and governance gaps, which can create security gaps.

Some of the Past Cases of Cryptocurrency on Kubernetes cluster:

Tesla Case: The cyber thieves gained access to Tesla's Kubernetes administrative console, which exposed access credentials to Tesla's AWS environment. Once an attacker gains admin privilege of the Kubernetes cluster, he or she can discover all the services that are running, get into every pod to access processes, inspect files and tokens, and steal secrets managed by the Kubernetes cluster.

Jenkins Case: Hackers used an exploit to install malware on Jenkins servers to perform crypto mining, making over $3 million to date. Although most affected systems were personal computers, it’s a stern warning to enterprise security teams planning to run Jenkins in containerized form that constant monitoring and security is required for business critical applications.

Recently, Azure Security Center detected a new crypto mining campaign that targets specifically Kubernetes environments. What differs this attack from other crypto mining attacks is its scale: within only two hours a malicious container was deployed on tens of Kubernetes clusters.

There are three options for how an attacker can take advantage of the Kubernetes dashboard:

  1. Exposed dashboard: The cluster owner exposed the dashboard to the internet, and the attacker found it by scanning.

  2. The attacker gained access to a single container in the cluster and used the internal networking of the cluster for accessing the dashboard.

  3. Legitimate browsing to the dashboard using cloud or cluster credentials.

How could this be avoided?

As per Microsoft's Recommendations, follow the below:

  1. Do not expose the Kubernetes dashboard to the Internet: Exposing the dashboard to the Internet means exposing a management interface.

  2. Apply RBAC in the cluster: When RBAC is enabled, the dashboard’s service account has by default very limited permissions which won’t allow any functionality, including deploying new containers.

  3. Grant only necessary permissions to the service accounts: If the dashboard is used, make sure to apply only necessary permissions to the dashboard’s service account. For example, if the dashboard is used for monitoring only, grant only “get” permissions to the service account.

  4. Allow only trusted images: Enforce deployment of only trusted containers, from trusted registries.



Refer: Azure Kubernetes Services integration with Security Center

Source: https://azure.microsoft.com/en-us/blog/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters/



Comments

  1. Excellent .. Amazing .. I’ll bookmark your blog and take the feeds also…I’m happy to find so many useful info here in the post, we need work out more techniques in this regard, thanks for sharing. click

    ReplyDelete
  2. When utilized, the exchange data is communicated to a blockchain in the system under an open key, keeping each coin from being spent twice from a similar client. The blockchain can be thought of as the clerk's register.Getnode Test

    ReplyDelete
  3. Interesting and amazing how your post is! It Is Useful and helpful for me That I like it very much, and I am looking forward to Hearing from your next.. Where to buy antminers

    ReplyDelete
  4. This will lead to a lot of dynamism and liquidity much needed for Free $10 in Bitcoin when you signup any growing financial markets. Cryptocurrency will become the defacto currency for transactions all over the world.

    ReplyDelete
  5. Your shared three options for how an attacker can take advantage of the Kubernetes dashboard are very beneficial for us , because , by following we can safe our data. Essay Writing Service

    ReplyDelete
  6. To send Bitcoins to another client or pay for online buys, get that individual/merchant's distinguishing proof number and move Bitcoins on the web. bitcoin mixer

    ReplyDelete
  7. The awesome thing about coin enchantment is that it tends to be performed anyplace, whenever. Stunning impacts can be cultivated without any tricks or planning at all, and coins are one prop that is consistently near. coin master

    ReplyDelete
  8. A debt of gratitude is in order for your post. I've been contemplating composing an extremely tantamount post in the course of the last couple of weeks, I'll most likely keep it straightforward and connection to this rather if thats cool. Much obliged. Best ethereum cryptocurrency investment website

    ReplyDelete
  9. Took me time to read all the comments, but I really enjoyed the article. It proved to be Very helpful to me and I am sure to all the commenters here! It’s always nice when you can not only be informed, but also entertained! Best bitcoin cryptocurrency investment website

    ReplyDelete
  10. This is my first time i visit here. I found so many interesting stuff in your blog especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here keep up the good work Top 10 cryptocurrency stocks to invest in

    ReplyDelete
  11. In electronic interfaces the players can play the online casino games straightforwardly in the nearby PC framework, without downloading any extra programming. In the second kind programming must be basically downloaded. Play Vegas Slots

    ReplyDelete
  12. I found that site very usefull and this survey is very cirious, I ' ve never seen a blog that demand a survey for this actions, very curious... best cryptocurrency index fund

    ReplyDelete
  13. Great survey, I'm sure you're getting a great response. farmacia online bitcoin españa

    ReplyDelete
  14. A very delightful article that you have shared here. Your blog is a valuable and engaging article for us, and also I will share it with my companions who need this info,buy cryptocurrency with MastercardCanada Thankful to you for sharing an article like this.

    ReplyDelete
  15. I liked your work and, as a result, the manner you presented this content about Cryptocurrency Online Trading.It is a valuable paper for us. Thank you for sharing this blog with us.

    ReplyDelete
  16. Very nice! Guys! Don't waste your time and come! Come here and check how go it is! This is the best service fore essay writing and homework, and you can be sure! You can be sure that they will help you! Just write them personal statement writing help papers writing services and be happy to use! Good luck!

    ReplyDelete
  17. I am very thankful to you that you have shared this information with us. Read more info about Crypto Buy and Sell Services in Nigeria. I got some different kind of knowledge from your web page, and it is really helpful for everyone. Thanks for share it.

    ReplyDelete

Post a Comment

Thanks for your comment. In case of any concerns, please contact me at er.ashishsharma@outlook.com

Popular posts from this blog

Comparison between Azure Application Gateway V1 and V2

Microsoft has announced new version of Azure Application Gateway and its Web Application Firewall module (WAF). In this article, we will discuss about the enhancements and new highlights that are available in the new SKUs i.e. Standard_v2 and WAF_v2. Enhancements and new features: Scalability: It allows you to perform scaling of the number of instances on the traffic. Static VIP: The VIP assigned to the Application Gateway can be static which will not change over its lifecycle. Header Rewrite: It allows you to add, remove or update HTTP request and response headers on application gateway. Zone redundancy: It enables application gateway to survive zonal failures which allows increasing the resilience of applications. Improved Performance: Improvement in performance during the provisioning and during the configuration update activities. Cost: V2 SKU may work out to be overall cheaper for you relative to V1 SKU. For more information, refer Microsoft prici

Difference between Azure Front Door Service and Traffic Manager

Azure Front Door Service is Microsoft’s highly available and scalable web application acceleration platform and global HTTP(s) load balancer. Azure Front Door Service supports Dynamic Site Acceleration (DSA), SSL offloading and end to end SSL, Web Application Firewall, cookie-based session affinity, URL path-based routing, free certificates and multiple domain management. In this article, I will compare Azure Front Door to Azure Traffic Manager in terms of performance and functionality. Similarity: Azure Front Door service can be compared to Azure Traffic Manager in a way that this also provides global HTTP load balancing to distribute traffic across different Azure regions, cloud providers or even with your on-premises. Both AFD & Traffic Manager support: Multi-geo redundancy: If one region goes down, traffic routes to the closest region without any intervention. Closest region routing: Traffic is automatically routed to the closest region. Differences: Azu

Install Solr as an Azure App Service

After Sitecore 9.0.2, Solr is a supported search technology for Sitecore Azure PAAS deployments. In this article, we will install SOLR service 8.4.0 in Azure App Service for Sitecore 10. 1. Create Azure App Service Login to Azure and create Azure App service. Make sure Runtime stack should be Java. 2. Download Solr Download Solr 8.4.0 from https://archive.apache.org/dist/lucene/solr/ Extract the files and add the below web.config file in the Solr package. <?xml version="1.0" encoding="UTF-8"?> <configuration>  <system.webServer>      <handlers>      <add  name="httpPlatformHandler"            path="*"            verb="*"            modules="httpPlatformHandler"            resourceType="Unspecified" />    </handlers>    <httpPlatform processPath="%HOME%\site\wwwroot\bin\solr.cmd"        arguments="start -p %HTTP_PLATFORM_PORT%"

Azure Machine Learning public preview announcement //Build, May 2021

Azure service updates Azure Machine Learning public preview announcement //Build, May 2021 New feature: Prebuilt Docker images for Inferencing, now in public preview. Click here for more information.

Azure Blob storage - Last access time tracking now generally available

Azure service updates Azure Blob storage - Last access time tracking now generally available This feature helps administrators control costs through the automatic tiering and deletion of blobs via tiering including when the data was last read. Click here for more information.