• CrowdStrike Holdings Inc. has released a report detailing the first cryptojacking campaign targeting the Kubernetes infrastructure.
• Cryptojacking is an old method of illegally mining cryptocurrency: malware is placed on a website or application, victims unknowingly download it, and it uses their energy and power to mine crypto units.
• The attacks have only been found on three servers in the rural US, but CrowdStrike warns everyone hosting Kubernetes clusters to utilize protection platforms as potential breaches become more sophisticated.
What is Cryptojacking?
Cryptojacking is (at this stage) an old method of illegally mining cryptocurrency. The attacker places malware on a specific site or application that a victim comes across. When the victim visits the website or opens the app, the malware is downloaded onto their system, and digital currency mining software is installed on their computer network. The software then uses the victim’s electricity and power to mine crypto units (without their knowledge or permission, of course). The victims usually get nothing out of this except a big energy bill at the end of the month, while the hackers get rich by mining crypto and building their digital portfolios.
Targeted Cryptocurrency
In this case, the cryptojacking attempts revolved around the Dero cryptocurrency, which is still new to the space (it was launched in 2017). Dero is popular amongst illicit actors because, like assets such as Monero, it is centered on anonymity and supports fully anonymous transactions.
Kubernetes Network Attacks
The attacks on the Kubernetes system are relatively new, having only begun in early February of this year. They have also only occurred via three separate servers, all of which are in the rural US. However, attackers have opportunistically targeted Kubernetes and Docker misconfigurations, design weaknesses, and zero-day vulnerabilities with increasing sophistication to gain quick access to APIs, using exposed, vulnerable clusters on nonstandard ports to mine illicit coins.
Warning from CrowdStrike
CrowdStrike is warning all those hosting Kubernetes clusters to use cloud-native safety platforms as protection against what it feels are more sophisticated data breaches.
Not As Common Anymore
While cryptojacking has arguably been around since the early days of cryptocurrency trading and mining, it has become less common over time due to increased security measures taken by companies and individuals alike when dealing with digital currency transactions and operations.