Cyberattacks Target Popular DevOps Tools for Illicit Crypto Mining
Cybersecurity experts have recently uncovered a new wave of attacks in which malicious actors exploit misconfigurations in widely used public DevOps tools to deploy cryptocurrency mining operations. These unauthorized miners covertly generate valuable crypto tokens, leaving the unsuspecting victims to pay substantial electricity and infrastructure costs.
The threat intelligence team at Wiz Threat Research identified and attributed the campaign to a group known as JINX-0132. Their investigation revealed that while several tools are targeted, four stood out as frequent targets: Nomad, Consul, Docker Engine API, and Gitea.
Understanding the Tools at Risk
Nomad and Consul, both created by HashiCorp, are of particular interest. Nomad serves as a scalable workload orchestrator for managing containers, virtual machines, and standalone applications across infrastructure clusters. Consul offers service networking solutions, including service discovery and configuration management for distributed applications.
Docker Engine API provides developers and automation tools with a RESTful way to interact with Docker for managing containers, images, and more. Gitea is a self-hosted Git platform that enables collaborative software development with features such as source code hosting and code review.
JINX-0132's Clever Attack Tactics
What sets JINX-0132's approach apart is how they evade detection. Instead of using conventional methods that might leave behind typical indicators of compromise, the attackers download their malicious tools directly from public GitHub repositories. This strategy avoids raising immediate alarms with defenders and security systems, particularly when the targeted applications are not seen as traditional entry points.
Shockingly, the scale of this security threat is significant. Data from the report highlights that as many as 25% of all cloud environments use at least one of these four DevOps tools. Furthermore, HashiCorp Consul is found in at least 20% of environments. Of note, 5% of these deployments are exposed to the internet, and 30% of those internet-exposed deployments have dangerous misconfigurations.
How to Defend Against Cryptocurrency Mining Attacks
Given the risks, experts recommend a multi-layered security approach. Organizations should enforce robust access controls, routinely conduct security audits, and carry out ongoing vulnerability assessments. Promptly applying security patches is essential, as is the continuous monitoring of system resource usage to spot unusual activity.
Securing DevOps environments against misconfiguration is key. Companies should prevent unauthorized command execution and strengthen authentication protocols to thwart potential crypto mining attacks. By proactively addressing these vulnerabilities, businesses can better protect their infrastructure and digital assets in an increasingly hostile cyber landscape.
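The recommendations above can be turned into a concrete configuration audit. The following Python script is an added example written for this page (not code from Wiz, HashiCorp, Docker or The Register) that checks constructed Docker daemon, Consul and Nomad JSON configurations for the kind of settings that leave a management API reachable without authentication: a Docker TCP listener without tlsverify, HashiCorp ACLs left disabled, or a Consul ACL default policy other than deny. The choice of checks, the sample configurations and the assumed defaults (Consul client_addr 127.0.0.1, Nomad bind_addr 0.0.0.0) are this example's own; the article does not state which specific misconfigurations JINX-0132 relied on.

```python
"""Audit DevOps control-plane configs for settings that expose an API to anonymous use.

All sample configurations below are constructed for illustration only.
The checks are this example's own selection, not a vendor-published baseline.
"""
import json
from typing import Dict, List

# Constructed sample configurations (not taken from any real deployment).
DOCKER_DAEMON_WEAK = {
    # Docker Engine API on a plain TCP socket: anyone who can reach it controls the host.
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
}
DOCKER_DAEMON_HARDENED = {
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,                      # require a client certificate
    "tlscacert": "/etc/docker/ca.pem",      # placeholder paths
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
}
CONSUL_WEAK = {"client_addr": "0.0.0.0", "acl": {"enabled": False}}
CONSUL_HARDENED = {
    "client_addr": "127.0.0.1",
    "acl": {"enabled": True, "default_policy": "deny"},
}
NOMAD_WEAK = {"bind_addr": "0.0.0.0"}                      # no acl stanza: ACLs are off
NOMAD_HARDENED = {"bind_addr": "0.0.0.0", "acl": {"enabled": True}}


def load_json_config(text: str) -> Dict:
    """Parse a daemon.json / agent config supplied as JSON text."""
    return json.loads(text)


def audit_docker(cfg: Dict) -> List[str]:
    """Flag Docker Engine API TCP listeners that do not require client certificates."""
    findings: List[str] = []
    tcp = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if tcp and not cfg.get("tlsverify"):
        findings.append(
            f"docker: TCP listener(s) {tcp} without tlsverify (API usable with no client auth)"
        )
    if cfg.get("tlsverify") and not all(cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey")):
        findings.append("docker: tlsverify set but CA/cert/key paths are incomplete")
    return findings


def audit_hashicorp(tool: str, cfg: Dict) -> List[str]:
    """Flag Consul/Nomad agents whose HTTP API accepts unauthenticated requests.

    The ACL system is off unless acl.enabled is true; Consul's default_policy
    defaults to "allow", so even an enabled ACL system needs "deny" to block
    the anonymous token. Assumed listen-address defaults are noted inline.
    """
    findings: List[str] = []
    acl = cfg.get("acl", {})
    enabled = bool(acl.get("enabled", False))
    if not enabled:
        findings.append(f"{tool}: ACLs not enabled (HTTP API accepts anonymous requests)")
    if tool == "consul" and enabled and acl.get("default_policy", "allow") != "deny":
        findings.append("consul: acl.default_policy is not 'deny' (anonymous token still permitted)")
    if tool == "consul":
        addr = cfg.get("client_addr", "127.0.0.1")   # assumed Consul default
    else:
        addr = cfg.get("bind_addr", "0.0.0.0")       # assumed Nomad default
    if addr == "0.0.0.0" and not enabled:
        findings.append(f"{tool}: bound to all interfaces while unauthenticated")
    return findings


def audit_all(docker_cfg: Dict, consul_cfg: Dict, nomad_cfg: Dict) -> List[str]:
    """Run every check and return the combined list of findings."""
    return (
        audit_docker(docker_cfg)
        + audit_hashicorp("consul", consul_cfg)
        + audit_hashicorp("nomad", nomad_cfg)
    )


if __name__ == "__main__":
    for label, trio in (
        ("weak", (DOCKER_DAEMON_WEAK, CONSUL_WEAK, NOMAD_WEAK)),
        ("hardened", (DOCKER_DAEMON_HARDENED, CONSUL_HARDENED, NOMAD_HARDENED)),
    ):
        print(f"== {label} ==")
        for f in audit_all(*trio) or ["no findings"]:
            print("  " + f)
```

Run it against the JSON an agent actually loads (for Docker, /etc/docker/daemon.json; for Consul and Nomad, the agent's JSON config files) rather than against hand-copied values, and treat any finding on an internet-reachable host as the kind of misconfiguration the article describes, since each one lets a remote party issue orchestration or container commands without credentials.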
Source: theregister