Microsoft’s Azure Security Center (ASC) recently identified an attack campaign that targets Kubeflow, a machine learning toolkit for Kubernetes.
An open-source project released in 2017, Kubeflow is a popular framework for running machine learning (ML) workflows in Kubernetes, at scale. It is aimed at helping with the deployment of open-source systems for ML to diverse infrastructures.
The observed attack, Microsoft reveals, was aimed at mining for cryptocurrency using Kubernetes clusters, which is not surprising, given the fact that some nodes used for ML tasks are often relatively powerful, and in some cases include GPUs.
In April, an image running an XMRIG miner was observed being deployed from a public repository on many different clusters. The same repository, the tech company says, contains other images with minor differences in mining configuration, and those were observed being deployed as well.
Most of the clusters the image was deployed on would run Kubeflow, which suggested that the machine learning framework was the main access vector in the campaign.
This was likely possible because some users exposed the Istio Service to the Internet, for convenient direct access to a user dashboard (otherwise, they would need to use port-forward for access, and have traffic tunneled via the Kubernetes API server).
“By exposing the Service to the Internet, users can access to the dashboard directly. However, this operation enables insecure access to the Kubeflow dashboard, which allows anyone to perform operations in Kubeflow, including deploying new containers in the cluster,” Microsoft explains.
Once access to the dashbo ..
Support the originator by clicking the read the rest link below.
