CoinMiner Campaigns Move to the Cloud via Docker, Kubernetes

[Faybert]

After becoming a scourge inside browsers, on desktops, and on servers, cryptocurrency-mining malware is now invading the cloud, and it appears to be quite successful.

Several reports during the past month suggest malware authors are now actively looking to gain access to Docker and Kubernetes systems, two types of applications that are the basic building blocks of many of today's cloud computing services.

The role of these two tools is to help developers roll out containerized/virtualized apps or even entire server setups whenever a company's infrastructure needs more processing power to handle traffic spikes or extra computing tasks.
....
....

Attacks on cloud systems amped up with the new year
The first such attacks targeting Kubernets and Docker instances were detected at the start of the year by Sysdig researchers. Exposers observed attacks against honeypot servers where miscreants would take over a Kubernetes instance and attempt to deploy Docker containers inside which they tried to mine Monero.

Similar honeypot logs were later reported by experts from Aqua Security, who reported attacks against lone Docker instances, during which hackers also tried to mine Monero.
....
....