TL;DR breakdown
- Security experts have discovered new crypto-mining malware targeting Kubernetes clusters.
- The malware is believed to originate from TeamTNT.
New malware has reportedly been targeting Kubernetes clusters, sets of nodes that run containerized applications, to mine cryptocurrency without authorization. Security researchers at Palo Alto Networks Inc. recently discovered the crypto-mining malware and added that it may have originated from TeamTNT, a notorious cybercrime group known for designing malware that mines Monero (XMR). According to the researchers, the malware was first discovered in January.
Crypto mining malware targets Kubernetes clusters
When the malware, known as “Hildegard”, infects a Kubernetes cluster, it quickly spreads to the containers, and the system is then hijacked to mine cryptocurrency without authorization, a practice commonly known as cryptojacking. The security experts claimed that the crypto-mining malware came from the TeamTNT cybercrime group because it uses domains and functions similar to those the group used in its previous attacks.
However, Hildegard was equipped with additional features that make it harder to detect, according to the experts. They stated that the new crypto-mining malware was using a Linux-like process name to hide its communications. The experts warn that the malware can disrupt applications running in the clusters, adding that Kubernetes can be easily secured. However, it will take more work to patch and prevent the cryptojacking attack.
“In this complex attack, threat actors use a combination of Kubernetes misconfigurations and known vulnerabilities. […] DevOps and IT teams need to work closely with their security counterparts to prioritize remediation, especially for outward-facing assets and high-risk vulnerabilities,” commented Tal Morgenstern, co-founder of Vulcan Cyber.
The rise in malware attacks
Ransomware is the type of malware that has landed more hits in the past year. In a recent report, Chainalysis, a blockchain analytics company, noted a decline in the number of illegal cryptocurrency transactions. However, ransomware attacks contributed significantly to the record over the past year. Ransomware attacks have increased by more than 300 percent since last year.