Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,120
The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments.

A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security researcher at Microsoft Defender for Cloud, said in a report last week.

Kinsing has a storied history of targeting containerized environments, often leveraging misconfigured open Docker daemon API ports as well as abusing newly disclosed exploits to drop cryptocurrency mining software.

The threat actor, in the past, has also been discovered employing a rootkit to hide its presence, in addition to terminating and uninstalling competing resource-intensive services and processes.

Now according to Microsoft, misconfigurations in PostgreSQL servers have been co-opted by the Kinsing actor to gain an initial foothold, with the company observing a "large amount of clusters" infected in this manner.

The misconfiguration relates to a trust authentication setting, which could be abused to connect to the servers sans any authentication and achieve code execution should the option be set up to accept connections from any IP address.

"In general, allowing access to a broad range of IP addresses is exposing the PostgreSQL container to a potential threat," Bruskin explained.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top