
科技回声

A technology news platform built on Next.js, carrying global technology news and discussion threads.

Kubernetes clusters being hijacked to mine cryptocurrencies

183 points, by igama, over 6 years ago

10 comments

tetha, over 6 years ago
Ugh. I mean, I recently got in an argument about whether anything but a hard firewall could or should be exposed on a WAN interface on the internet, and we kinda agreed to not agree for now.

But popular services, on default ports, with default APIs enabled, without hard authentication, on a WAN interface? That should be a paddling. That doesn't fly. Or, well, it does, except not for the guy paying the power.
whalesalad, over 6 years ago
Got in a pretty heated debate with a colleague once about this. We had a really great infrastructure setup with a VPN bastion host that would get you into our VPC. You couldn't reach any of our kube nodes externally. Your Google account was your VPN account. It was pretty solid.

When this engineer redid things they opted to go the public internet route, where the master runs a public API and auth is done via a certificate. The logic here was so that external 3rd-party stuff (CI) could control our master.

To my knowledge this setup is still running, and chances are these machines are vulnerable to this issue.

Contrast to the prior setup where, immediately upon being offboarded from the company, your VPN access became automatically terminated (thank you LDAP and Foxpass!).
voltagex_, over 6 years ago
At least cryptocurrency has removed most of the creativity from script kiddies - there are so many more interesting things you could do than just mine coins.
nineteen999, over 6 years ago
This is one of the side effects of products having enormous hype in this industry.

Far too many people are adopting Docker/Kubernetes because they have been the hot new product for the last couple of years, often regardless of whether they are actually the best or most appropriate tool for the job.

A lot of the people who get sucked into the hype are often inexperienced programmers, devops or admin types who are in positions of power or influence in companies that they probably shouldn't be, IMHO.

As a result, they don't have the Linux or networking experience to be able to know whether they are deploying these complex products securely or not, and they are putting their employers' businesses at risk.
igama, over 6 years ago
CTO of Binaryedge here. For those wondering, we have detected more than 15k Kubernetes APIs with auth. This post focuses on the ~1.5k found without auth, that are fully open.

It's not just a Kubernetes problem. Like many have posted, many databases, other types of clusters, and shares are accessible without auth for those that know how to look for them (not that hard nowadays), mainly malicious actors.
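The "fully open" API servers igama describes are usually a combination of a few kube-apiserver flags: anonymous requests accepted, an authorizer that allows everything, the legacy plain-HTTP insecure port, and a bind address of all interfaces. The following is an added example, not code from the thread or from Binaryedge: a small audit of a kube-apiserver command line (as found in a static pod manifest) that reports that combination. The flag names and defaults are the documented kube-apiserver ones; the two sample command lines are constructed.

```python
"""Audit kube-apiserver flags for an API server that is open without real auth."""
import re
from typing import Dict, List

# Constructed samples, shaped like the 'command' list of a kube-apiserver
# static pod manifest. Addresses and paths are hypothetical.
SAMPLE_WEAK = [
    "kube-apiserver",
    "--bind-address=0.0.0.0",
    "--anonymous-auth=true",
    "--authorization-mode=AlwaysAllow",
    "--insecure-port=8080",
]
SAMPLE_HARDENED = [
    "kube-apiserver",
    "--bind-address=10.0.0.5",
    "--anonymous-auth=false",
    "--authorization-mode=Node,RBAC",
    "--insecure-port=0",
    "--client-ca-file=/etc/kubernetes/pki/ca.crt",
]


def parse_flags(cmd: List[str]) -> Dict[str, str]:
    """Turn ['--key=value', ...] into {'key': 'value'}; a bare '--flag' means 'true'."""
    flags: Dict[str, str] = {}
    for arg in cmd[1:]:
        m = re.fullmatch(r"--([\w-]+)(?:=(.*))?", arg)
        if m:
            flags[m.group(1)] = m.group(2) if m.group(2) is not None else "true"
    return flags


def audit(cmd: List[str]) -> List[str]:
    """Return findings; an empty list means none of the 'open API' flags are set."""
    f = parse_flags(cmd)
    findings: List[str] = []
    # anonymous-auth defaults to true; it only matters once an authorizer lets the
    # anonymous user through, but it is the first half of a fully open API.
    if f.get("anonymous-auth", "true") == "true":
        findings.append("anonymous requests accepted (anonymous-auth not disabled)")
    # authorization-mode defaults to AlwaysAllow in older releases: every request passes.
    if "AlwaysAllow" in f.get("authorization-mode", "AlwaysAllow").split(","):
        findings.append("authorization-mode AlwaysAllow grants every request")
    # The insecure port (plain HTTP, no authn/authz) should be 0; its default varied by version.
    if f.get("insecure-port", "0") != "0":
        findings.append("insecure port %s enabled (unauthenticated HTTP)" % f["insecure-port"])
    # bind-address defaults to 0.0.0.0, which turns the issues above into WAN exposure.
    if f.get("bind-address", "0.0.0.0") == "0.0.0.0" and findings:
        findings.append("server binds all interfaces; the issues above are reachable from any network")
    if "client-ca-file" not in f:
        findings.append("no client-ca-file: client certificates cannot be verified")
    return findings
```

Running `audit(SAMPLE_WEAK)` yields five findings and `audit(SAMPLE_HARDENED)` none; the checks only read flags, so the same function can be pointed at a manifest pulled from a control-plane node during a review.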
WrtCdEvrydy, over 6 years ago
JSON file is still available (http://192.99.142.232:8220/222.json)
unstatusthequo, over 6 years ago
Heading continued: “... thieves make off with $4.50”
clubm8, over 6 years ago
Is anyone else a little tired of "X used to mine crypto" stories?

Yes - if it has a CPU and access to the public internet, someone will hack it and make it mine "crypto". Let's stop pretending we aren't aware that the internet of things exists and writing breathless stories every time a toaster, router, or adult toy starts churning out Monero.
conanthe, over 6 years ago
Is Kubernetes the MongoDB of orchestrators?
gipmon, over 6 years ago
These guys are amazing. They have a lot of data and an excellent app with a lot of potential!