Sign In

Communications of the ACM

ACM TechNews

Machine Learning Clusters in Azure Hijacked to Mine Cryptocurrency

View as: Print Mobile App Share:
Chips and bitcoins.

Microsoft's Azure Security Center has reported a cryptojacking scheme.

Credit: Getty Images

Microsoft's Azure Security Center has reported a cryptojacking scheme in which attackers hijacked machine learning clusters inside the Azure cloud-computing service to mine cryptocurrency at the expense of the customers who rented those cluster.

The infected clusters were running Kubeflow, an open source framework for machine learning applications in Kubernetes, a platform for deploying scalable applications across numerous computers.

Microsoft investigators determined that the machines were compromised by customers who changed the default setting, which prevents people on the Internet at large from accessing the Kubeflow dashboard and making unauthorized changes to the cluster.

With access to the dashboard, attackers have several options for deploying backdoored containers in the cluster.

The compromised clusters identified by Microsoft numbered in the "tens," many of which ran an image available from a public repository, which the investigators said contained code that surreptitiously mined the Monero cryptocurrency.

From Ars Technica
View Full Article


Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account