Malicious campaigns exploit vulnerable Kubernetes clusters for crypto mining

Exposed Kubernetes (K8s) clusters are being exploited by malicious actors to .......

by Vikash Kumawat
0 comment 100 views

Exposed Kubernetes (K8s) clusters are being exploited by malicious actors to deploy cryptocurrency miners and other backdoors.

In a report, cloud security firm Aqua said most of the clusters belonged to small to medium-sized organizations, with a smaller subgroup belonging to large companies spanning the financial, aerospace, automotive, industrial and security sectors.

In total, Kubernetes clusters belonging to more than 350 organizations, open-source projects and individuals were discovered, 60% of which were the target of an active crypto-mining campaign.

Publicly accessible clusters, according to Aqua, suffer from two different types of misconfiguration: allowing anonymous access with elevated privileges and the “–address=`0.0.0.0` –accept-hosts`*`” flags running kubectl proxy with .

“Housing a wide array of sensitive and valuable assets, Kubernetes clusters can store customer data, financial records, intellectual property, access credentials, secrets, configurations, container images, infrastructure credentials, encryption keys, certificates, and network or service information,” security researchers Michael Katchinskiy and Assaf Morag said.

Kubernetes cluster's

Pod lists containing sensitive environment variables and access keys are found in exposed K8s clusters, which can be used by bad actors to gain deeper access to target environments, access source code repositories, and worse, if possible, introduce malicious modifications can be done.

A closer examination of the groups revealed three separate operations aimed at cryptocurrency mining, including the Dero cryptojacking operation, RBAC Buster, and TeamTNT’s SilentBob.

“Despite the serious security implications, such misconceptions are prevalent in organizations regardless of size, indicating a gap in the understanding and management of Kubernetes security,” the researchers said.

You may also like

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
-
00:00
00:00
Update Required Flash plugin
-
00:00
00:00