Researchers from Microsoft’s cybersecurity team have reported seeing more instances of the Kinsing virus (opens in new tab) being installed on Linux machines.

Using vulnerabilities in Log4Shell and Atlassian Confluence RCE container images and misconfigured, exposed PostgreSQL containers, the business claims that attackers are installing cryptominers on susceptible endpoints.

Hackers, according to Microsoft’s Defender for Cloud team, are searching these applications for vulnerabilities.

• PHPUnit
• Liferay
• Oracle WebLogic
• WordPress

They planned to take use of Remote Code Execution (RCE) vulnerabilities in Oracle’s products, namely CVE-2020-14882, CVE-2020-14750, and CVE-2020-14883.

Microsoft says that they “just uncovered a massive campaign of Kinsing” that aimed targeting weak WebLogic server versions. Attacks often begin with a port scan of a large range of IP addresses, seeking for the WebLogic default port (7001).

Modifying the pictures to reflect current events

Security-conscious IT admins will only use pictures obtained from trusted sources and use the most recent versions available.

Malicious actors often use servers to mine cryptocurrencies. Typically, these distant nodes have enough processing capacity, enabling attackers to “mine” substantial amounts of bitcoin without the need for specialised equipment. In addition, they do away with the expensive energy requirements often involved with mining cryptocurrencies.

On the other side, the victims stand to lose a great deal. Since crypto mining requires a lot of processing power, they will lose their servers and rack up expensive energy costs. The difficulty of crypto mining is exacerbated by the often-disproportionate number of cryptos mined to the amount of power utilised.

The Defender for Cloud team at Microsoft notes that the two methods are “often encountered” in actual assaults against Kubernetes clusters.

“Exposing the cluster to the Internet without proper security measures can leave it open to attack from external sources. In addition, attackers can gain access to the cluster by taking advantage of known vulnerabilities in images,” the team said.

“It’s important for security teams to be aware of exposed containers and vulnerable images and try to mitigate the risk before they are breached. As we have seen in this blog, regularly updating images and secure configurations can be a game changer for a company when trying to be as protected as possible from security breaches and risky exposure.”