Crowd Strike Holdings Warns of New Crypto Jacking Scheme
Crowd Strike Holdings Inc. – a security research firm – has released a new report detailing what has been labeled the first crypto jacking campaign targeting the Kubernetes infrastructure.
Crypto Jacking… Yup! It’s Still Around!
Crypto jacking is (at this stage) an old method of illegally mining cryptocurrency. What one does is they place malware onto a specific site or application that a victim comes across. In visiting the website or in opening the app, the malware is downloaded onto their system, and digital currency mining software is implemented onto their computer network. The software then uses the victim’s electricity and power to mine (without their knowledge or permission, of course) crypto units.
The victims usually get nothing out of this except for a big energy bill at the end of the month, while the hackers get rich through mining crypto and building their digital portfolios.
In this case, the crypto jacking attempts revolved around the Dero cryptocurrency, which is still new to the space (it was launched in 2017). Dero is popular amongst illicit actors because like assets such as Monero, it is centered in anonymity and supports fully anonymous transactions. The researchers at Crowd Strike label the asset perfect for what the crypto jackers had in mind for the Kubernetes network.
The conclusion of the researchers’ report states the following:
As Kubernetes has become the most popular container orchestrator in the world, attackers have opportunistically targeted Kubernetes and Docker misconfigurations, design weaknesses, and zero-day vulnerabilities.
The attacks on the Kubernetes system are relatively new, having only begun in early February of this year. They have also only occurred via three separate servers, all of which are in the rural US. However, the process was far more complicated that what the researchers have seen in the past.
To get their hands on the illicit coins, the cyberthieves sought out clusters on nonstandard ports by looking for and finding exposed vulnerable clusters. From there, they could gain quick (and anonymous) access to the API. Crowd Strike is warning all those hosting Kubernetes clusters to utilize protection as a means of fighting off what they feel are more sophisticated data breaches via cloud-native safety platforms.
It’s Not as Common, Anymore
While crypto jacking has arguably been around since the early days of crypto, the days of it being used on a regular basis by illicit actors appear to be wearing thin. Nowadays, when one wants to initiate a system of crypto thievery, they appear to turn to romance scams or similar means.
These situations usually involve looking for people online that are eager to find romantic partners. After sucking up to the potential victims long enough, they convince them to invest in online crypto platforms that unbeknownst to them, are controlled by hackers aiming to steal their hard-earned funds.
Source: Read Full Article