Technology NewsKinsing Cryptojacking Hits Kubernetes Clusters via Misconfigured PostgreSQL

Kinsing Cryptojacking Hits Kubernetes Clusters via Misconfigured PostgreSQL

-


Jan 09, 2023Ravie LakshmananKubernetes / Cryptojacking

Kinsing Cryptojacking Hits Kubernetes Clusters via Misconfigured PostgreSQL

The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments.

A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security researcher at Microsoft Defender for Cloud, said in a report last week.

Kinsing has a storied history of targeting containerized environments, often leveraging misconfigured open Docker daemon API ports as well as abusing newly disclosed exploits to drop cryptocurrency mining software.

The threat actor, in the past, has also been discovered employing a rootkit to hide its presence, in addition to terminating and uninstalling competing resource-intensive services and processes.

Now according to Microsoft, misconfigurations in PostgreSQL servers have been co-opted by the Kinsing actor to gain an initial foothold, with the company observing a “large amount of clusters” infected in this manner.

Kinsing Cryptojacking Attacks

The misconfiguration relates to a trust authentication setting, which could be abused to connect to the servers sans any authentication and achieve code execution should the option be set up to accept connections from any IP address.

“In general, allowing access to a broad range of IP addresses is exposing the PostgreSQL container to a potential threat,” Bruskin explained.

The alternative attack vector targets servers with vulnerable versions of PHPUnit, Liferay, WebLogic, and WordPress that are susceptible to remote code execution in order to run malicious payloads.

What’s more, a recent “widespread campaign” involved the attackers scanning for open default WebLogic port 7001, and if found, executing a shell command to launch the malware.

“Exposing the cluster to the Internet without proper security measures can leave it open to attack from external sources,” Bruskin said. “In addition, attackers can gain access to the cluster by taking advantage of known vulnerabilities in images.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.



LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

Big Tech’s earnings show the digital ad market isn’t over yet

After a challenging 2022 in which advertising-dependent companies faced shrinking budgets and falling stock prices, this week's fourth-quarter...

You can now use the Elgato Stream Deck to control your Microsoft Teams meetings

Microsoft has released a Teams plugin for the Elgato Stream Deck, making it possible to add meeting controls...

for only 34.99 euros it is the smartest purchase

If you want to build a smart home, this Amazon speaker is one of the best purchases you...

பாக்டீரியாவால் தயாரிக்கப்பட்ட நானோவைர் காலநிலை மாற்றத்தை எதிர்த்துப் போராடுவதற்கான முக்கிய தடயங்களை வழங்குகிறது

மின்சாரம் தயாரிக்கும் பயோஃபில்ம்களுக்குப் பயன்படுத்தப்படும் மின்சார புலத்திற்கு பதில் ஜியோபாக்டரால் தயாரிக்கப்படும் "நானோவாய்கள்". இந்த நானோவாய்கள் சைட்டோக்ரோம் OmcZ இனால் ஆனது மற்றும்...

Xiaomi Redmi 10 Power (Sporty Orange, 8GB RAM, 128GB Storage)

Price: (as of - Details) Xiaomi Redmi 10 Power (Sporty Orange, 8GB RAM, 128GB Storage)Camera: 50 MP Primary...

for only 34.99 euros it is the smartest purchase

If you want to build a smart home, this Amazon speaker is one of the best purchases you...

Must read

This e-boat made the trip from Florida to the Bahamas on a single charge

You can't complain about the speed of the...

Where To Watch Belfast Movie

Written and directed by Kenneth Branagh, Belfast is...