Cryptojacking Dero: Kubernetes on target again

Security researchers at CrowdStrike have discovered the first known cryptojacking campaign against Kubernetes infrastructure that mines the Dero cryptocurrency. Earlier Kubernetes cryptojacking campaigns mined Monero; the use of Dero is what is new here.

“Dero’s new crypto-jacking operation focuses on placing Kubernetes clusters with anonymous access enabled on a Kubernetes API and listening on non-standard ports accessible from the Internet.”

How the attack unfolds

The attack is carried out by financially motivated actors in three steps:

  • Locating Kubernetes API servers that have anonymous authentication enabled and are reachable from the Internet, typically on non-standard ports. With anonymous access on, unauthenticated requests to the API are accepted, so the attacker needs no credentials at all.
  • Using that API access to deploy a DaemonSet, a Kubernetes object that guarantees every node in the cluster runs a copy of a given Pod. This turns one misconfiguration into mining on every node.
  • Pointing the DaemonSet’s YAML at a Docker image that contains a binary named “pause”, which is in fact the Dero coin miner.

“In a legitimate Kubernetes deployment, ‘pause’ containers are used by Kubernetes to bootstrap a pod,” the company noted. “Attackers may have used this name to blend in to avoid obvious detection.”

Mitigations for Kubernetes attacks

To protect against attacks of this kind, follow Kubernetes security best practices such as:

  • Keeping Kubernetes components up to date with the latest security patches.
  • Limiting access to the Kubernetes control plane and workloads to authorized users and applications; in particular, do not expose the API server to the Internet with anonymous authentication enabled.
  • Implementing strong authentication and authorization controls, such as multi-factor authentication, RBAC, and network policies.
  • Securing container images and workloads: pull only from a trusted image registry, scan images for vulnerabilities, and apply resource limits so a rogue workload cannot consume every node’s CPU.
  • Monitoring clusters for suspicious activity using Kubernetes audit logs, network traffic analysis, and intrusion detection systems; an unexpected DaemonSet, or a user workload whose container is named “pause”, is exactly the kind of signal to alert on.
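The following Python script is an added example, not code from the CrowdStrike report or from PureVPN, that turns the attack chain above and the mitigation list into a concrete offline check. It audits the two conditions the campaign depends on: an API server that accepts anonymous requests without RBAC, and a DaemonSet that runs a “pause” container from an untrusted registry. The kube-apiserver flags and the DaemonSet listing (in the shape of `kubectl get daemonsets -A -o json`) are constructed samples embedded inline; the DaemonSet name `node-helper`, the image `docker.io/example/pause:latest` and the `TRUSTED_REGISTRIES` allow-list are assumptions for illustration, not indicators from the real campaign.

```python
"""Added example: audit a cluster for the Dero cryptojacking preconditions.

Not code from the CrowdStrike report or the original post. All input data
below is constructed so that the script runs offline.
"""
import json
import re

# Assumption: the organisation's allow-list of image registries.
TRUSTED_REGISTRIES = ("registry.k8s.io/", "k8s.gcr.io/")

# Constructed sample: kube-apiserver flags from a weakly configured control plane,
# as they would appear in the static pod manifest.
WEAK_FLAGS = [
    "kube-apiserver",
    "--anonymous-auth=true",             # unauthenticated requests become system:anonymous
    "--authorization-mode=AlwaysAllow",  # no RBAC, so system:anonymous can do anything
    "--secure-port=10443",               # non-standard port, as in the campaign
]

# Constructed sample: the corrected configuration.
HARDENED_FLAGS = [
    "kube-apiserver",
    "--anonymous-auth=false",
    "--authorization-mode=Node,RBAC",
    "--secure-port=6443",
]

# Constructed sample shaped like `kubectl get daemonsets -A -o json`, trimmed to
# the fields used here. "node-helper" and its image are made-up names.
DAEMONSETS = json.loads("""
{"items": [
  {"metadata": {"name": "kube-proxy", "namespace": "kube-system"},
   "spec": {"template": {"spec": {"containers": [
     {"name": "kube-proxy", "image": "registry.k8s.io/kube-proxy:v1.26.0"}]}}}},
  {"metadata": {"name": "node-helper", "namespace": "default"},
   "spec": {"template": {"spec": {"containers": [
     {"name": "pause", "image": "docker.io/example/pause:latest"}]}}}}
]}
""")


def anonymous_auth_enabled(flags):
    """True if the API server accepts unauthenticated requests.

    Only the --flag=value form used in static pod manifests is parsed.
    Upstream kube-apiserver defaults --anonymous-auth to true, so an absent
    flag is reported as enabled rather than silently passed.
    """
    for flag in flags:
        m = re.match(r"--anonymous-auth=(\w+)$", flag)
        if m:
            return m.group(1).lower() == "true"
    return True


def authorization_modes(flags):
    """Return the configured authorization modes; upstream default is AlwaysAllow."""
    for flag in flags:
        m = re.match(r"--authorization-mode=(.+)$", flag)
        if m:
            return m.group(1).split(",")
    return ["AlwaysAllow"]


def suspicious_daemonsets(dump, trusted=TRUSTED_REGISTRIES):
    """Flag DaemonSet containers that look like the campaign's miner deployment.

    Real "pause" (sandbox) containers are created by the kubelet and never appear
    as containers in a DaemonSet spec, so any DaemonSet container named or imaged
    "pause" is suspicious in every namespace.
    """
    findings = []
    for item in dump["items"]:
        ns, name = item["metadata"]["namespace"], item["metadata"]["name"]
        for c in item["spec"]["template"]["spec"]["containers"]:
            image = c["image"]
            reasons = []
            if not image.startswith(trusted):
                reasons.append(f"image {image} is not from a trusted registry")
            if c["name"] == "pause" or image.split(":")[0].endswith("/pause"):
                reasons.append("DaemonSet container masquerading as a pause container")
            if image.endswith(":latest") or ":" not in image.rsplit("/", 1)[-1]:
                reasons.append("mutable image tag; pin a digest or version")
            if reasons:
                findings.append((ns, name, c["name"], reasons))
    return findings


def audit(flags, dump):
    """Combine the control-plane and workload checks into a list of findings."""
    report = []
    if anonymous_auth_enabled(flags):
        report.append("kube-apiserver accepts anonymous requests (--anonymous-auth=true or unset)")
    modes = authorization_modes(flags)
    if "AlwaysAllow" in modes or "RBAC" not in modes:
        report.append(f"authorization modes {modes} do not enforce RBAC")
    for ns, ds, cname, reasons in suspicious_daemonsets(dump):
        report.append(f"DaemonSet {ns}/{ds} container {cname}: " + "; ".join(reasons))
    return report


if __name__ == "__main__":
    for line in audit(WEAK_FLAGS, DAEMONSETS):
        print("FINDING:", line)
```

Against the weak sample the audit reports the anonymous API server, the missing RBAC, and the `node-helper` DaemonSet; against `HARDENED_FLAGS` only the DaemonSet finding remains, which is the point: fixing the API server stops the initial access, but an already-deployed miner still has to be found by inspecting workloads.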

“As Kubernetes has become the most popular container orchestrator in the world, attackers have opportunistically targeted Kubernetes and Docker misconfigurations, design weaknesses, and zero-day vulnerabilities,” the researchers conclude. 

A shift in the approach to security

As cybercrime evolves, the approach to defending against it has to change too. Organizations should adopt an adversary-focused approach to cloud security, one that anticipates how attackers exploit modern enterprise cloud environments rather than reacting to individual incidents.

Combining agent-based and agentless protection in a single, unified platform with integrated threat intelligence has also become essential. That is how comprehensive visibility, detection, and remediation across cloud workloads can be maintained.

Author: PureVPN

Date: March 20, 2023

PureVPN is a VPN service provider that focuses on online privacy and security. With 6000+ servers in 65+ countries, it helps consumers and businesses keep their online identity secured.