Sign In

Communications of the ACM

ACM TechNews

Machine Learning Clusters in Azure Hijacked to Mine Cryptocurrency


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Chips and bitcoins.

Microsoft's Azure Security Center has reported a cryptojacking scheme.

Credit: Getty Images

Microsoft's Azure Security Center has reported a cryptojacking scheme in which attackers hijacked machine learning clusters inside the Azure cloud-computing service to mine cryptocurrency at the expense of the customers who rented those cluster.

The infected clusters were running Kubeflow, an open source framework for machine learning applications in Kubernetes, a platform for deploying scalable applications across numerous computers.

Microsoft investigators determined that the machines were compromised by customers who changed the default setting, which prevents people on the Internet at large from accessing the Kubeflow dashboard and making unauthorized changes to the cluster.

With access to the dashboard, attackers have several options for deploying backdoored containers in the cluster.

The compromised clusters identified by Microsoft numbered in the "tens," many of which ran an image available from a public repository, which the investigators said contained code that surreptitiously mined the Monero cryptocurrency.

From Ars Technica
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found