Hackers Turn Kubernetes Machine Learning to Crypto Mining in Azure Cloud
When clouds get hacked, it’s often the fault of user misconfigurations.
Just ask Amazon Web Services (AWs) about that. Beginning a few years ago or so, the AWS cloud notoriously suffered a long spate of such attacks, most of which leveraged misconfigured S3 storage buckets as attack vectors.
Recently, Microsoft’s Azure cloud experienced a similar situation, this one concerning misconfigurations from lazy users of the Kubeflow machine learning platform used with Kubernetes, the wildly popular container orchestration system.
Hackers managed to exploit these misconfigurations to launch cryptocurrency mining campaigns leveraging powerful machine learning Kubernetes nodes, Microsoft announced earlier this month.
“Kubeflow is an open-source project, started as a project for running TensorFlow jobs on Kubernetes. Kubeflow has grown and become a popular framework for running machine learning tasks in Kubernetes. Nodes that are used for ML tasks are often relatively powerful, and in some cases include GPUs. This fact makes Kubernetes clusters that are used for ML tasks