{"id":550222,"date":"2023-01-09T15:03:24","date_gmt":"2023-01-09T17:03:24","guid":{"rendered":"https:\/\/teknomers.com\/fr\/kinsing-cryptojacking-frappe-les-clusters-kubernetes-via-postgresql-mal-configure\/"},"modified":"2023-01-09T15:03:25","modified_gmt":"2023-01-09T17:03:25","slug":"kinsing-cryptojacking-frappe-les-clusters-kubernetes-via-postgresql-mal-configure","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/kinsing-cryptojacking-frappe-les-clusters-kubernetes-via-postgresql-mal-configure\/","title":{"rendered":"Kinsing Cryptojacking frappe les clusters Kubernetes via PostgreSQL mal configur\u00e9"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">09 janvier 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">Kubernetes \/ Cryptojacking<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>Les acteurs de la menace derri\u00e8re le <strong>Kinsing<\/strong> Des op\u00e9rations de cryptojacking ont \u00e9t\u00e9 rep\u00e9r\u00e9es exploitant des serveurs PostgreSQL mal configur\u00e9s et expos\u00e9s pour obtenir un acc\u00e8s initial aux environnements Kubernetes.<\/p>\n<p>Une deuxi\u00e8me technique de vecteur d&#8217;acc\u00e8s initial implique l&#8217;utilisation d&#8217;images vuln\u00e9rables, Sunders Bruskin, chercheur en s\u00e9curit\u00e9 chez Microsoft Defender for Cloud, <a rel=\"nofollow noopener\" href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-defender-for-cloud\/initial-access-techniques-in-kubernetes-environments-used-by\/ba-p\/3697975\" target=\"_blank\">m&#8217;a dit<\/a> dans un rapport la semaine derni\u00e8re.<\/p>\n<p>Kinsing a une longue histoire de ciblage <a rel=\"nofollow noopener\" href=\"https:\/\/www.trendmicro.com\/en_my\/research\/22\/i\/how-malicious-actors-abuse-native-linux-tools-in-their-attacks.html\" target=\"_blank\">environnements conteneuris\u00e9s<\/a>exploitant souvent des ports d&#8217;API de d\u00e9mon Docker ouverts mal configur\u00e9s et abusant d&#8217;exploits r\u00e9cemment divulgu\u00e9s pour abandonner le logiciel d&#8217;extraction de crypto-monnaie.<\/p>\n<p>L&#8217;acteur de la menace, dans le pass\u00e9, a \u00e9galement \u00e9t\u00e9 d\u00e9couvert <a rel=\"nofollow noopener\" href=\"https:\/\/www.trendmicro.com\/en_us\/research\/20\/k\/analysis-of-kinsing-malwares-use-of-rootkit.html\" target=\"_blank\">employant un rootkit<\/a> pour masquer sa pr\u00e9sence, en plus de r\u00e9silier et de d\u00e9sinstaller les services et processus concurrents gourmands en ressources.<\/p>\n<p>Selon Microsoft, les erreurs de configuration dans <a rel=\"nofollow noopener\" href=\"https:\/\/unit42.paloaltonetworks.com\/pgminer-postgresql-cryptocurrency-mining-botnet\/\" target=\"_blank\">Serveurs PostgreSQL<\/a> ont \u00e9t\u00e9 coopt\u00e9s par l&#8217;acteur de Kinsing pour prendre un premier pied, l&#8217;entreprise observant une &#8220;grande quantit\u00e9 de clusters&#8221; infect\u00e9s de cette mani\u00e8re.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/01\/1673283804_674_Kinsing-Cryptojacking-frappe-les-clusters-Kubernetes-via-PostgreSQL-mal-configure.png\" alt=\"Attaques de cryptojacking Kinsing\" border=\"0\" data-original-height=\"600\" data-original-width=\"728\" title=\"Attaques de cryptojacking Kinsing\"\/><\/div>\n<p>La mauvaise configuration concerne un <a rel=\"nofollow noopener\" href=\"https:\/\/www.postgresql.org\/docs\/current\/auth-trust.html\" target=\"_blank\">param\u00e8tre d&#8217;authentification de confiance<\/a>qui pourrait \u00eatre utilis\u00e9 de mani\u00e8re abusive pour se connecter aux serveurs sans aucune authentification et r\u00e9aliser l&#8217;ex\u00e9cution de code si l&#8217;option \u00e9tait configur\u00e9e pour accepter les connexions \u00e0 partir de n&#8217;importe quelle adresse IP.<\/p>\n<p>&#8220;En g\u00e9n\u00e9ral, autoriser l&#8217;acc\u00e8s \u00e0 une large gamme d&#8217;adresses IP expose le conteneur PostgreSQL \u00e0 une menace potentielle&#8221;, a expliqu\u00e9 Bruskin.<\/p>\n<p>Le vecteur d&#8217;attaque alternatif cible les serveurs avec des versions vuln\u00e9rables de PHPUnit, Liferay, WebLogic et WordPress qui sont sensibles \u00e0 l&#8217;ex\u00e9cution de code \u00e0 distance afin d&#8217;ex\u00e9cuter des charges utiles malveillantes.<\/p>\n<p>De plus, une r\u00e9cente &#8220;campagne g\u00e9n\u00e9ralis\u00e9e&#8221; a impliqu\u00e9 les attaquants \u00e0 la recherche d&#8217;open <a rel=\"nofollow noopener\" href=\"https:\/\/docs.oracle.com\/middleware\/1213\/core\/ASADM\/portnums.htm#ASADM432\" target=\"_blank\">port WebLogic par d\u00e9faut 7001<\/a>et s&#8217;il est trouv\u00e9, ex\u00e9cuter une commande shell pour lancer le logiciel malveillant.<\/p>\n<p>&#8220;Exposer le cluster \u00e0 Internet sans mesures de s\u00e9curit\u00e9 appropri\u00e9es peut le rendre vuln\u00e9rable aux attaques de sources externes&#8221;, a d\u00e9clar\u00e9 Bruskin.  &#8220;De plus, les attaquants peuvent acc\u00e9der au cluster en tirant parti des vuln\u00e9rabilit\u00e9s connues dans les images.&#8221;<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/01\/kinsing-cryptojacking-hits-kubernetes.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80209 janvier 2023\ue804Ravie LakshmananKubernetes \/ Cryptojacking Les acteurs de la menace derri\u00e8re le Kinsing Des op\u00e9rations de cryptojacking ont \u00e9t\u00e9 rep\u00e9r\u00e9es exploitant des serveurs PostgreSQL mal configur\u00e9s et expos\u00e9s pour obtenir un acc\u00e8s initial aux environnements Kubernetes. Une deuxi\u00e8me technique de vecteur d&#8217;acc\u00e8s initial implique l&#8217;utilisation d&#8217;images vuln\u00e9rables, Sunders Bruskin, chercheur en s\u00e9curit\u00e9 chez Microsoft [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":550223,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[137910,4168,137911,119982,4158,4165,4161,1986,137909,30045,4157,4159,4171,4170,65,4167,376,4160,4163,4162,57626,4172,4169,4166,4164],"class_list":["post-550222","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-clusters","tag-comment-pirater","tag-configure","tag-cryptojacking","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-frappe","tag-kinsing","tag-kubernetes","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-mal","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-postgresql","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/550222","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=550222"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/550222\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/550223"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=550222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=550222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=550222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}