CrowdStrike security researchers have recently discovered a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure. Named ‘Kiss-a-dog’, this campaign has been using various command-and-control (C2) servers to launch attacks with the goal of mining cryptocurrency.
The threat actors behind ‘Kiss-a-dog’ have been employing user and kernel mode rootkits to conceal their activities, backdoor compromised containers, move laterally within networks, and establish persistence. This sophisticated approach is reminiscent of tactics used by other cryptojacking groups such as TeamTNT, who have previously targeted insecure Docker and Kubernetes environments.
The decline in cryptocurrency value during mid-2022 led to a decrease in malicious activity targeting digital currencies in containerized environments. However, with the recent resurgence in cryptocurrency prices, threat groups are once again turning their attention to exploiting vulnerable cloud infrastructure for financial gain.
CrowdStrike’s honeypots detected a surge in campaigns targeting Docker and Kubernetes vulnerabilities in September 2022. The ‘Kiss-a-dog’ campaign, in particular, leverages a host mount technique to break out of containers, a common strategy among crypto miners seeking to evade detection.
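An added example, not from CrowdStrike's report or this article: a Python audit that flags the kind of host mount the paragraph above refers to, in a Kubernetes Pod manifest or in one container object from `docker inspect` output. The list of sensitive host paths and both sample inputs are assumptions constructed for the illustration.

```python
import posixpath

# Host paths that hand a container control of the node when mounted.
# The list is an assumption for this example, not taken from the article.
SENSITIVE = ("/etc", "/root", "/proc", "/sys", "/var/lib/kubelet",
             "/var/run/docker.sock", "/run/docker.sock")

def is_sensitive(path):
    """True for the host root or anything at or below a SENSITIVE path."""
    p = "/" + posixpath.normpath(path).lstrip("/")
    return p == "/" or any(p == s or p.startswith(s + "/") for s in SENSITIVE)

def audit_pod(pod):
    """(container, host_path, writable) per sensitive hostPath mount in a Pod manifest."""
    spec = pod.get("spec", {})
    host_vols = {v["name"]: v["hostPath"]["path"]
                 for v in spec.get("volumes", []) if "hostPath" in v}
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        for m in c.get("volumeMounts", []):
            src = host_vols.get(m["name"])
            if src and is_sensitive(src):
                findings.append((c["name"], src, not m.get("readOnly", False)))
    return findings

def audit_docker(info):
    """Same check for one container object from `docker inspect` JSON."""
    name = info.get("Name", "").lstrip("/")
    return [(name, m["Source"], m.get("RW", True))
            for m in info.get("Mounts", [])
            if m.get("Type") == "bind" and is_sensitive(m["Source"])]

# Constructed sample inputs (not captured from any real cluster or host).
POD = {"metadata": {"name": "batch-worker"}, "spec": {
    "volumes": [{"name": "host", "hostPath": {"path": "/"}},
                {"name": "logs", "hostPath": {"path": "/var/log/app"}},
                {"name": "tmp", "emptyDir": {}}],
    "containers": [{"name": "worker", "volumeMounts": [
        {"name": "host", "mountPath": "/host"},
        {"name": "logs", "mountPath": "/logs", "readOnly": True},
        {"name": "tmp", "mountPath": "/tmp"}]}]}}
DOCKER = {"Name": "/builder", "Mounts": [
    {"Type": "bind", "Source": "/var/run/docker.sock",
     "Destination": "/var/run/docker.sock", "RW": True},
    {"Type": "volume", "Source": "/var/lib/docker/volumes/cache/_data",
     "Destination": "/cache", "RW": True}]}

if __name__ == "__main__":
    for finding in audit_pod(POD) + audit_docker(DOCKER):
        print("sensitive host mount:", finding)
```

A writable mount of the host root or the Docker socket is the finding to act on first; read-only mounts of sensitive paths still expose host data and are reported with the writable flag set to false.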
These cryptojacking campaigns can persist for days to months, depending on their success rates. As the competitive landscape for cryptocurrency mining fluctuates, it is essential for cloud security practitioners to remain vigilant and ensure that their cloud infrastructure is protected from such threats.
For comprehensive insights on securing Kubernetes environments, James Brown, senior vice president of customer success at Lacework, has published an analysis that can provide valuable guidance. Stay informed and proactive to safeguard your cloud infrastructure from emerging threats in the ever-evolving landscape of cryptojacking.