Quick Hits

Cryptominers Found in Azure Kubernetes Containers

Images from a public repository contained cryptominers that Microsoft researchers found in Kubeflow instances running on Azure.

A new criminal campaign is targeting Kubernetes clusters on Microsoft Azure to turn misconfigured Kubeflow workloads into cryptominers. 

Kubeflow is an open source project that started as a toolkit for learning TensorFlow in Kubernetes and has since become a common framework for running machine learning applications in containers. Microsoft researchers found a suspicious image from a public repository being deployed on Azure Kubernetes clusters. The image resulted in a cryptominer named XMRig being run in the containers.

Because of Kubeflow's nature, it provides an excellent backdoor for attackers looking to gain access to Kubernetes containers within a cluster. The researchers recommend all Kubernetes cluster owners to check that any Kubeflow dashboards are not exposed to the Internet and that a container named "ddsfdfsaadfs" is not running within their clusters. More broadly, owners should only run trusted images and should monitor containers based on them for activity.

Read more here.

Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register

Editors' Choice
Jeffrey Schwartz, Contributing Writer, Dark Reading
Jai Vijayan, Contributing Writer, Dark Reading