Microsoft Azure Machine Learning Clusters Cryptojacked to Mine Monero

Microsoft Azure Machine Learning Clusters Cryptojacked to Mine Monero

Microsoft announced on June 10 that it had discovered a number of cryptojacking attacks on powerful machine-learning clusters on its Azure cloud computing network.

In a blog-post, the company said that some customers had misconfigured nodes, allowing attackers to hijack them to mine the privacy-focused cryptocurrency Monero (XMR).

Default settings overridden

Microsoft said that it had discovered tens of clusters affected by the attack, which targets a machine learning toolkit, Kubeflow, for the open-source Kubernetes platform.

By default the dashboard to control Kubeflow is only accessible internally from the node, so users need to use port-forwarding to tunnel in via the Kubernetes API. However, some users had modified this, potentially for convenience, directly exposing the dashboard to the internet.

With access to the dashboard, attackers had a number of available vectors through which to compromise the system.

Once the shield is down, attack

One possibility is to set up or modify a Jupyter notebook server in the cluster with a malicious image.

The Azure Security Center team discovered a suspect image from a public repository on a number of machine learning clusters.

Through investigating the layers of the image, the team realized that it ran an XMRig miner, to surreptitiously use the node to mine Monero.

Machine learning clusters are relatively powerful and sometimes contain GPUs, making them an ideal target for cryptojackers.

As Cointelegraph reported, cybersecurity firm Sophos recently revealed that attackers had breached vulnerable Microsoft SQL Server databases to install the same XMRig software which mines Monero.

Source link

Cointelegraph By Jack Martin

Leave a Reply

Your email address will not be published. Required fields are marked *

About us

InvestLab is a financial services technology company focused on the global trading market. Founded in 2010 in Hong Kong, the company develops trading, market data, and social research products that enable individual investors and small to mid-size brokers to access global markets. We provide brokers and financial institutions cross border capabilities for retail investors into 43 markets globally.