Microsoft has issued a warning about ongoing cyberattacks targeting vulnerable Kubernetes clusters, with the goal of mining cryptocurrency for the attackers.
The Redmond software giant identified a series of attacks against clusters running Kubeflow machine learning (ML) instances. Microsoft said the attacks started in late May, when its researchers spotted a sudden rise in TensorFlow machine learning pod reployments.
“The burst of deployments on the various clusters was simultaneous,” said Yossi Weizman, Senior Security Researcher at Microsoft. “This indicates that the attackers scanned those clusters in advance and maintained a list of potential targets, which were later attacked on the same time.”
The company says criminals gained access to the clusters through internet-exposed Kubeflow dashboards, which shouldn’t be open to the public. After gaining access, the attackers modified legitimate pods in order to have them mine cryptocurrency. It was said that at least two separate pods on each of the compromised clusters were deployed – one for CPU mining, and one for GPU mining.
“The attack is still active, and new Kubernetes clusters that run Kubeflow [are getting] compromised,” Weizman warned.
Less than a week ago, cybersecurity researchers at Palo Alto warned of the first-ever malware to target Windows containers. Named Siloscape, Palo Alto said the malware could potentially be used for cryptojacking.