Malware campaign targets Kubernetes clusters

Microsoft’s cybersecurity researchers have revealed it spotted an uptick in the deployment of the Kinsing malware on Linux servers.  As p...

Microsoft’s cybersecurity researchers have revealed it spotted an uptick in the deployment of the Kinsing malware on Linux servers. 

As per the company’s report, the attackers are leveraging Log4Shell and Atlassian Confluence RCE weaknesses in container images and misconfigured, exposed PostgreSQL containers to install cryptominers on vulnerable endpoints.

Microsoft’s Defender for Cloud team said hackers were going through these apps in search of exploitable flaws:

  • PHPUnit
  • Liferay
  • Oracle WebLogic
  • WordPress

As for the flaws themselves, they were looking to leverage CVE-2020-14882, CVE-2020-14750, and CVE-2020-14883 - RCE flaws in Oracle’s solutions.

“Recently, we identified a widespread campaign of Kinsing that targeted vulnerable versions of WebLogic servers,” Microsoft claims. “Attacks start with scanning of a wide range of IP addresses, looking for an open port that matches the WebLogic default port (7001).”

Updating the images

To stay safe, IT managers are advised to update their images to the latest versions and only source the images from official repositories. 

Threat actors love deploying cryptocurrency miners on servers. These remote endpoints are usually computationally powerful, allowing hackers to “mine” large quantities of cryptocurrency without needing the necessary hardware. What’s more, they also eliminate the high electricity costs usually associated with mining cryptos. 

The victims, on the other hand, have plenty to lose. Not only will their servers be rendered useless (as crypto mining is quite compute-heavy), but will also generate high electricity bills. Usually, the amount of cryptos mined and electricity spent is disproportionate, making the entire ordeal that much more painful.

For Microsoft’s Defender for Cloud team, the two techniques discovered are “commonly seen” in real-world attacks on Kubernetes clusters.

“Exposing the cluster to the Internet without proper security measures can leave it open to attack from external sources. In addition, attackers can gain access to the cluster by taking advantage of known vulnerabilities in images,” the team said.

“It’s important for security teams to be aware of exposed containers and vulnerable images and try to mitigate the risk before they are breached. As we have seen in this blog, regularly updating images and secure configurations can be a game changer for a company when trying to be as protected as possible from security breaches and risky exposure.”

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/pceDHKG
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,183,Video,5,XIAOMI,13,YouTube - 9to5Google,182,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Malware campaign targets Kubernetes clusters
Malware campaign targets Kubernetes clusters
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2023/01/malware-campaign-targets-kubernetes.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2023/01/malware-campaign-targets-kubernetes.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy