Malware campaign targets Kubernetes clusters


Microsoft’s cybersecurity researchers have reported an uptick in deployments of the Kinsing malware on Linux servers.

As per the company’s report, the attackers are leveraging Log4Shell and Atlassian Confluence RCE weaknesses in container images and misconfigured, exposed PostgreSQL containers to install cryptominers on vulnerable endpoints.

Microsoft’s Defender for Cloud team said hackers were going through these apps in search of exploitable flaws:

  • PHPUnit
  • Liferay
  • Oracle WebLogic
  • WordPress

As for the flaws themselves, the attackers were looking to exploit CVE-2020-14882, CVE-2020-14750, and CVE-2020-14883, all remote code execution (RCE) flaws in Oracle’s solutions.

“Recently, we identified a widespread campaign of Kinsing that targeted vulnerable versions of WebLogic servers,” Microsoft claims. “Attacks start with scanning of a wide range of IP addresses, looking for an open port that matches the WebLogic default port (7001).”

Updating the images

To stay safe, IT managers are advised to update their images to the latest versions and to source images only from official repositories.
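The two exposures the article describes, containers pulled from unofficial sources and database or WebLogic ports published straight to the Internet, can be audited from a cluster inventory. The following is an added example, not code from Microsoft or the article; the allowlisted registries and the sample cluster inventory are constructed assumptions, and the port numbers (7001 for WebLogic, 5432 for PostgreSQL) are the ones the article and its subject involve.

```python
import json

# Assumption for this example: registries the team treats as official sources.
ALLOWED_REGISTRIES = {"docker.io", "registry.access.redhat.com"}
# Ports worth flagging when exposed: the WebLogic default (7001) and PostgreSQL (5432).
SENSITIVE_PORTS = {7001: "WebLogic", 5432: "PostgreSQL"}
# Service types that publish a port beyond the cluster network.
EXTERNAL_SERVICE_TYPES = {"NodePort", "LoadBalancer"}


def registry_of(image: str) -> str:
    """Return the registry host of an image reference.
    An image name only carries a host when its first path component contains
    '.' or ':' or is 'localhost'; otherwise Docker Hub (docker.io) is implied."""
    name = image.split("@", 1)[0]            # drop any @sha256:... digest
    first, slash, _ = name.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def audit(pods: list, services: list) -> list:
    """Flag container images from non-allowlisted registries and Services
    that publish a WebLogic or PostgreSQL port outside the cluster."""
    findings = []
    for pod in pods:
        for c in pod["spec"].get("containers", []):
            reg = registry_of(c["image"])
            if reg not in ALLOWED_REGISTRIES:
                findings.append(f"pod {pod['metadata']['name']}: image {c['image']} "
                                f"from untrusted registry {reg}")
    for svc in services:
        spec = svc["spec"]
        if spec.get("type") not in EXTERNAL_SERVICE_TYPES:
            continue
        for p in spec.get("ports", []):
            port = p.get("targetPort", p["port"])   # named targetPorts are strings; skip them
            if isinstance(port, int) and port in SENSITIVE_PORTS:
                findings.append(f"service {svc['metadata']['name']}: {SENSITIVE_PORTS[port]} "
                                f"port {port} exposed via {spec['type']}")
    return findings


# Constructed sample in the shape of `kubectl get pods,svc -A -o json` (trimmed).
SAMPLE = json.loads("""
{"pods": [
  {"metadata": {"name": "web"}, "spec": {"containers": [{"image": "nginx:1.25"}]}},
  {"metadata": {"name": "wls"}, "spec": {"containers": [{"image": "mirror.example.net/weblogic:12.2"}]}}],
 "services": [
  {"metadata": {"name": "pg"},  "spec": {"type": "LoadBalancer", "ports": [{"port": 5432}]}},
  {"metadata": {"name": "wls"}, "spec": {"type": "ClusterIP",    "ports": [{"port": 7001}]}}]}
""")

if __name__ == "__main__":
    for line in audit(SAMPLE["pods"], SAMPLE["services"]):
        print(line)
```

On the sample inventory the script reports the WebLogic image pulled from an unlisted mirror and the PostgreSQL Service published through a LoadBalancer, while the ClusterIP-only WebLogic Service is left alone.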

Threat actors love deploying cryptocurrency miners on servers. These remote endpoints are usually computationally powerful, allowing hackers to “mine” large quantities of cryptocurrency without needing the necessary hardware. What’s more, they also eliminate the high electricity costs usually associated with mining cryptos. 

The victims, on the other hand, have plenty to lose. Not only will their servers be rendered useless (as crypto mining is quite compute-heavy), but they will also generate high electricity bills. Usually, the amount of cryptocurrency mined is disproportionate to the electricity spent, making the entire ordeal that much more painful.

For Microsoft’s Defender for Cloud team, the two techniques discovered are “commonly seen” in real-world attacks on Kubernetes clusters.

“Exposing the cluster to the Internet without proper security measures can leave it open to attack from external sources. In addition, attackers can gain access to the cluster by taking advantage of known vulnerabilities in images,” the team said.

“It’s important for security teams to be aware of exposed containers and vulnerable images and try to mitigate the risk before they are breached. As we have seen in this blog, regularly updating images and secure configurations can be a game changer for a company when trying to be as protected as possible from security breaches and risky exposure.”

Via: BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
