• Malware campaign targets Kubernetes clusters

    From TechnologyDaily@1337:1/100 to All on Tue Jan 10 18:45:04 2023
    Malware campaign targets Kubernetes clusters

    Date:
    Tue, 10 Jan 2023 18:23:23 +0000

    Description:
    The campaign seeks to install the Kinsing malware, which is later used to deploy cryptominers.

    FULL STORY ======================================================================

    Microsoft's cybersecurity researchers have revealed they spotted an uptick in
    the deployment of the Kinsing malware on Linux servers.

    As per the company's report, the attackers are leveraging Log4Shell and Atlassian Confluence RCE weaknesses in container images and misconfigured, exposed PostgreSQL containers to install cryptominers on vulnerable endpoints.

    Microsoft's Defender for Cloud team said hackers were going through these apps in search of exploitable flaws: PHPUnit, Liferay, Oracle WebLogic, WordPress.

    As for the flaws themselves, they were looking to leverage CVE-2020-14882, CVE-2020-14750, and CVE-2020-14883 - RCE flaws in Oracle's solutions.

    "Recently, we identified a widespread campaign of Kinsing that targeted vulnerable versions of WebLogic servers," Microsoft claims. "Attacks start with scanning of a wide range of IP addresses, looking for an open port that matches the WebLogic default port (7001)."

    Updating the images

    To stay safe, IT managers are advised to update their images to the latest versions and only source the images from official repositories.

    Threat actors love deploying cryptocurrency miners on servers. These remote endpoints are usually computationally powerful, allowing hackers to mine
    large quantities of cryptocurrency without needing the necessary hardware. What's more, they also eliminate the high electricity costs usually associated with mining cryptos.

    The victims, on the other hand, have plenty to lose. Not only will their servers be rendered useless (as crypto mining is quite compute-heavy), but they will also generate high electricity bills. Usually, the amount of cryptos mined and electricity spent is disproportionate, making the entire ordeal
    that much more painful.

    For Microsoft's Defender for Cloud team, the two techniques discovered are commonly seen in real-world attacks on Kubernetes clusters.

    "Exposing the cluster to the Internet without proper security measures can leave it open to attack from external sources. In addition, attackers can
    gain access to the cluster by taking advantage of known vulnerabilities in images," the team said.

    "It's important for security teams to be aware of exposed containers and vulnerable images and try to mitigate the risk before they are breached. As
    we have seen in this blog, regularly updating images and secure
    configurations can be a game changer for a company when trying to be as protected as possible from security breaches and risky exposure."

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/malware-campaign-targets-kubernetes-clusters


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)
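
An added example, not part of the original story or of Microsoft's report: one way to find the exposed containers the article warns about is to audit a cluster's Service list for externally reachable Services on the WebLogic default port (7001, from the article) or PostgreSQL's default port (5432). The service names and JSON below are constructed sample data in the shape of `kubectl get services -A -o json` output.

```python
import json

# Ports of the two entry points named in the article: the WebLogic default
# port (7001, from the article) and PostgreSQL's default port (5432).
WATCHED_PORTS = {7001: "WebLogic", 5432: "PostgreSQL"}
EXTERNAL_TYPES = {"LoadBalancer", "NodePort"}

# Constructed sample in the shape of `kubectl get services -A -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "apps", "name": "weblogic-admin"},
     "spec": {"type": "LoadBalancer",
              "ports": [{"port": 7001, "targetPort": 7001}]}},
    {"metadata": {"namespace": "data", "name": "pg-internal"},
     "spec": {"type": "ClusterIP",
              "ports": [{"port": 5432, "targetPort": 5432}]}},
    {"metadata": {"namespace": "data", "name": "pg-debug"},
     "spec": {"type": "NodePort",
              "ports": [{"port": 80, "targetPort": 5432, "nodePort": 30432}]}},
    {"metadata": {"namespace": "web", "name": "frontend"},
     "spec": {"type": "LoadBalancer", "externalIPs": [],
              "ports": [{"port": 443, "targetPort": "https"}]}},
]})


def exposed_services(service_list_json):
    """Return (namespace, name, type, port, app) for externally reachable
    Services whose service port or numeric targetPort is a watched port."""
    findings = []
    for svc in json.loads(service_list_json).get("items", []):
        spec = svc.get("spec", {})
        svc_type = spec.get("type", "ClusterIP")
        # externalIPs make even a ClusterIP Service reachable from outside.
        if svc_type not in EXTERNAL_TYPES and not spec.get("externalIPs"):
            continue
        for p in spec.get("ports", []):
            # targetPort may be a named port (string); only match integers.
            candidates = {p.get("port"), p.get("targetPort")}
            for port in sorted(c for c in candidates if isinstance(c, int)):
                if port in WATCHED_PORTS:
                    meta = svc["metadata"]
                    findings.append((meta["namespace"], meta["name"],
                                     svc_type, port, WATCHED_PORTS[port]))
    return findings


if __name__ == "__main__":
    for finding in exposed_services(SAMPLE):
        print("EXPOSED %s/%s type=%s port=%d (%s)" % finding)
```

A hit is a candidate for review rather than proof of Internet exposure, since firewall rules or an internal load balancer may still restrict access.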