Criminals hack OpenMetadata flaw to mine crypto on Kubernetes


Update: In a statement, OpenMetadata told us, "The OpenMetadata community takes the security and trust of the open-source project seriously. We also get the help of security researchers on publicly available code to find vulnerabilities and address them quickly. CVE-2024-XXXX is a security vulnerability that was previously disclosed on Dec 14 and subsequently patched on Jan 5. Please refer to this blog post for more details."

Hackers have been observed abusing flaws in OpenMetadata workloads to install cryptocurrency miners on Kubernetes.

Cybersecurity researchers from the Microsoft Threat Intelligence team reported a new campaign, which started in early April 2024, in which unidentified threat actors scanned the web for internet-connected OpenMetadata workloads vulnerable to these five flaws: CVE-2024-28847, CVE-2024-28848, CVE-2024-28253, CVE-2024-28254, and CVE-2024-28255.

Once they found a vulnerable workload, they would abuse these flaws with malware to gain a foothold on the system. After a bit of analysis and reconnaissance, the attackers would install cryptocurrency miners on Kubernetes workloads.

Cryptomining season

OpenMetadata is an open source framework and standard for managing metadata in an open and interoperable manner across various tools, technologies, and platforms. Metadata is essentially data about data, providing context, description, and structure to the actual data.

Among the various cryptocurrency miners, the standout one is called XMRig. It’s a lightweight program that “mines” (essentially, generates) the Monero currency, also known as XMR. Monero is described as a privacy-oriented coin, almost impossible to trace, making it particularly interesting for cybercriminals.

“Mining” cryptocurrency refers to conducting compute-heavy operations, which render the computer doing them useless for anything else, even if the device is extremely powerful. At the same time, the device will spend an enormous amount of electrical power mining the crypto, racking up huge electricity bills for the victims.

The attackers, on the other hand, will get disproportionately little cryptocurrency in return, making the damage done that much greater.

On the flip side, being infected with a cryptominer is relatively easy to spot, since the compromised computer slows down to a crawl. However, since the crypto bull run is currently in full swing, we can expect to see more of these crypto miners around.

"This attack serves as a valuable reminder of why it's crucial to stay compliant and run fully patched workloads in containerized environments," the researchers said.

Via The Hacker News

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.