Cryptojackers hijack machine learning toolkit Kubeflow

Getting your Trinity Audio player ready...

Cryptojackers have launched a series of attacks against machine learning toolkit Kubeflow, with the intention of installing digital currency block reward miners on exposed instances.

According to a post published by Microsoft, the attacks have been going on since April, with “tens of Kubernetes clusters” running Kubeflow having been targeted so far.

The nodes are ordinarily used to run tasks for machine learning, with significant capacity for processing digital currency in the wrong hands.

Yossi Weizman, Security Research Software Engineer at the Azure Security Center, said this is the first attack they have uncovered targeting Kubeflow specifically: “Azure Security Center has detected multiple campaigns against Kubernetes clusters in the past that have a similar access vector: an exposed service to the internet. However, this is the first time that we have identified an attack that targets Kubeflow environments specifically…When deploying a service like Kubeflow within a cluster it is crucial to be aware of security aspects…”

According to Weizman, the power required for machine learning tasks makes Kubernetes clusters an ideal target for cryptojacking.

“Nodes that are used for ML tasks are often relatively powerful, and in some cases include GPUs…This fact makes Kubernetes clusters that are used for ML tasks a perfect target for crypto mining campaigns, which was the aim of this attack,” Weizman said.

Cryptojacking occurs when resources are hijacked by a malicious party to power digital currency block reward miners. Scammers then collect the digital currency generated from the illicit activity.

Cryptojacking attacks have shown a stark rise in recent years, becoming an increasingly common strategy for scammers and cybercriminals.

The revelation of the attacks serve as a reminder to those deploying Kubeflow to be alert to potential security threats, and to take steps to protect their nodes from being exposed to cryptojacking.