Geeks for your information
Microsoft: Big Cryptomining Attacks Hit Kubeflow



Microsoft: Big Cryptomining Attacks Hit Kubeflow - silversurfer - 11 June 21

Quote: Microsoft has spotted a new, widespread, ongoing attack targeting Kubernetes clusters running Kubeflow instances, in order to plant malicious TensorFlow pods that are used to mine for cryptocurrency.
 
The Kubeflow open-source project is a popular framework for running machine learning (ML) tasks in Kubernetes, while TensorFlow is an end-to-end, open-source ML platform.
 
Given that the attack is still active, any new Kubernetes clusters that run Kubeflow could be compromised, according to Microsoft.
 
On Tuesday, Microsoft security researchers warned that toward the end of May, they saw a spike in deployments of TensorFlow pods on Kubernetes clusters – pods that are running legitimate TensorFlow images from the official Docker Hub account. But a closer look at the entry point of the pods revealed that their purpose is to mine cryptocurrency.
 
Yossi Weizman, senior security research software engineer at Microsoft’s Azure Security Center, said in a post on Tuesday that the “burst” of these malicious TensorFlow deployments was “simultaneous,” indicating that the attackers initially scanned the clusters, kept a list of potential targets, and then pulled the trigger on all of them at once.
 
Weizman explained that the attackers used two separate images: The first is the latest version of TensorFlow (tensorflow/tensorflow:latest) and the second is the latest version with GPU support (tensorflow/tensorflow:latest-gpu). The use of TensorFlow images in the cluster “makes a lot of sense,” Weizman said, given that “if the images in the cluster are monitored, usage of [a] legitimate image can prevent attackers from being discovered.”

Another reason why the attackers’ choice is understandable is that the TensorFlow image they chose is a convenient way to run GPU tasks using CUDA, which “allows the attacker to maximize the mining gains from the host,” he said. CUDA is a toolkit created by NVIDIA, used to develop, optimize and deploy GPU-accelerated apps.

Read more: Microsoft: Big Cryptomining Attacks Hit Kubeflow | Threatpost
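
The quoted article says the pods ran the legitimate `tensorflow/tensorflow:latest` and `tensorflow/tensorflow:latest-gpu` images and that only their entry point gave them away. The audit below is an added example, not code from Microsoft or Threatpost: it assumes the entry point is visible in the `command`/`args` fields of the pod spec, and the function names and sample pods are hypothetical.

```python
import json

# Image references named in the article (Docker Hub, official TensorFlow account).
WATCHED_IMAGES = {"tensorflow/tensorflow:latest", "tensorflow/tensorflow:latest-gpu"}

def normalize_image(ref):
    """Drop an explicit Docker Hub prefix and make the implicit :latest tag explicit.
    Digest-pinned references (name@sha256:...) are deliberately not matched."""
    for prefix in ("index.docker.io/", "docker.io/"):
        if ref.startswith(prefix):
            ref = ref[len(prefix):]
    if ":" not in ref.rsplit("/", 1)[-1]:
        ref += ":latest"
    return ref

def find_pods_to_review(pod_list):
    """List containers that run a watched image with an entry point set in the pod spec."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            image = normalize_image(c.get("image", ""))
            entry = (c.get("command") or []) + (c.get("args") or [])
            if image in WATCHED_IMAGES and entry:
                findings.append({"namespace": meta.get("namespace", "default"),
                                 "pod": meta.get("name"), "container": c.get("name"),
                                 "image": image, "entrypoint": entry})
    return findings

# Constructed sample shaped like `kubectl get pods -A -o json`; all names are made up.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "kubeflow", "name": "train-a"},
  "spec": {"containers": [{"name": "main", "image": "tensorflow/tensorflow:latest"}]}},
 {"metadata": {"namespace": "kubeflow", "name": "job-b"},
  "spec": {"containers": [{"name": "main", "image": "docker.io/tensorflow/tensorflow:latest-gpu",
                           "command": ["sh", "-c"], "args": ["./constructed-placeholder"]}]}},
 {"metadata": {"namespace": "web", "name": "front-c"},
  "spec": {"containers": [{"name": "web", "image": "nginx:1.25", "command": ["nginx"]}]}}
]}
""")

if __name__ == "__main__":
    for f in find_pods_to_review(SAMPLE):
        print(f"{f['namespace']}/{f['pod']} [{f['container']}] {f['image']} -> {f['entrypoint']}")
```

Legitimate training jobs also set `command` and `args`, so the output is a list of entry points to read, not a verdict.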