Cyber security news for all


    Machine-learning clusters in Azure hijacked to mine cryptocurrency

    Microsoft said that attackers hijacked machine-learning clusters rented by Azure customers to mine cryptocurrency at the customers’ expense.

    Machine-learning tasks involve a tremendous amount of computing resources. The attackers took advantage of this fact and generated large amounts of the currency while the customers made use of the clusters. The misconfigured node made the attack easy for the attackers.

    Microsoft said, “the infected clusters were running Kubeflow, an open-source framework for machine-learning applications in Kubernetes, which is itself an open-source platform for deploying scalable applications across large numbers of computers. Compromised clusters were numbered in the “tens”. Many of them ran an image available from a public repository, ostensibly to save users the hassle of creating one themselves. Upon further inspection, Microsoft investigators discovered it contained code that surreptitiously mined the Monero Cryptocurrency.”


    Once investigators discovered the infected clusters, the next step was figuring out how the machines were compromised.

    The system is set up so that access to the administrator’s dashboard and control of Kubeflow goes through the Istio ingress, a gateway at the edge of the cluster network. It ensures that no unauthorized changes take place in the cluster.

    Gaining access to the dashboard is just the first step. After this, the attackers explore several options for deploying a backdoor in the clusters.

    One such option is placing a malicious image inside a Jupyter Notebook server.

    Yossi Weizman, a security-research software engineer in the Azure Security Center, said that users unknowingly change a setting, which invariably gives attackers access. In the post released on Wednesday, he wrote: “We believe that some users chose to do it for convenience. Without this action, accessing the dashboard requires tunneling through the Kubernetes API server and isn’t direct. By exposing the Service to the Internet, users can access the dashboard directly. However, this operation enables insecure access to the Kubeflow dashboard, allowing anyone to perform operations in Kubeflow, including deploying new containers in the cluster. Azure Security Center has detected multiple campaigns against Kubernetes clusters in the past that have a similar access vector: an exposed service to the Internet. However, this is the first time we have identified an attack that specifically targets Kubeflow environments specifically.”


    The company’s post gave users multiple techniques for checking if the clusters are vulnerable.
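
    One way to run such a check, as an added example that is not taken from Microsoft's post or from this article: classify every Service in a `kubectl get svc -A -o json` dump by how it is reachable and report the ones exposed outside the cluster. The Service names, namespaces and addresses in the sample are constructed, and `istio-ingressgateway` in `istio-system` is assumed to be the gateway in front of the Kubeflow dashboard.

```python
# Azure annotation that keeps a LoadBalancer Service on a private address.
INTERNAL_LB = "service.beta.kubernetes.io/azure-load-balancer-internal"

# Constructed sample shaped like `kubectl get svc -A -o json` output (not real data).
SAMPLE = {"items": [
    {"metadata": {"namespace": "istio-system", "name": "istio-ingressgateway"},
     "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
    {"metadata": {"namespace": "istio-system", "name": "istio-pilot"},
     "spec": {"type": "ClusterIP"}},
    {"metadata": {"namespace": "kubeflow", "name": "centraldashboard"},
     "spec": {"type": "NodePort"}},
]}

def classify(svc):
    """Return how a Service is reachable: internal, nodeport, restricted-lb or public-lb."""
    spec = svc.get("spec", {})
    stype = spec.get("type", "ClusterIP")
    if stype == "NodePort":
        return "nodeport"  # opened on every node; public if the nodes have public IPs
    if stype != "LoadBalancer":
        return "internal"  # ClusterIP / ExternalName: nothing listens outside the cluster
    annotations = svc.get("metadata", {}).get("annotations") or {}
    if annotations.get(INTERNAL_LB) == "true":
        return "internal"  # load balancer with a private address only
    ranges = spec.get("loadBalancerSourceRanges") or []
    if ranges and "0.0.0.0/0" not in ranges:
        return "restricted-lb"  # public address, but source IPs are allow-listed
    return "public-lb"

def audit(service_list):
    """List (namespace/name, exposure, addresses) for every Service reachable from outside."""
    findings = []
    for svc in service_list.get("items", []):
        exposure = classify(svc)
        if exposure == "internal":
            continue
        meta = svc["metadata"]
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        addrs = [i.get("ip") or i.get("hostname") for i in ingress]
        findings.append((f"{meta['namespace']}/{meta['name']}", exposure, addrs))
    return findings

if __name__ == "__main__":
    # For a live cluster, replace SAMPLE with json.load() of `kubectl get svc -A -o json`.
    for finding in audit(SAMPLE):
        print(*finding)
```

    A `public-lb` or `nodeport` finding on the ingress gateway means the dashboard can be reached without tunneling through the Kubernetes API server, which is the condition the post describes.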



