Exploiting DevOps APIs: The Rising Threat of Cryptojacking
Blog post from SSOJet
Cybersecurity researchers have uncovered a significant cryptojacking campaign named JINX-0132, which targets publicly accessible DevOps applications like Docker, Gitea, and HashiCorp Consul and Nomad. This campaign exploits known misconfigurations and vulnerabilities to deploy cryptocurrency miners, causing substantial financial burdens on organizations due to the high compute resources required. The attackers utilize publicly available tools from GitHub, making detection and attribution challenging, and their strategy represents a shift from traditional malware to exploiting misconfigurations. Statistics indicate that 25% of cloud environments run at least one of these technologies, with a significant number exposed to the internet, and 30% exhibit misconfigurations. To mitigate these risks, organizations are advised to implement best security practices, such as enabling access control lists, restricting HTTP API access, regularly updating software, and using secure single sign-on (SSO) solutions. Continuous monitoring and detection are essential for defending against cryptojacking and similar threats, and solutions like SSOJet can provide enhanced protection by tightly controlling and monitoring access to critical DevOps tools.
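The ACL and HTTP API recommendations above can be checked mechanically. The following is an added example, not code from the original post or from any of the projects named: a small audit over parsed JSON configuration for Docker (`daemon.json`), Consul and Nomad. It assumes the agents' documented defaults (Consul `client_addr` of 127.0.0.1, Nomad `bind_addr` of 0.0.0.0, ACLs off unless enabled), treats hostnames and address templates as exposed, and uses constructed sample configs.

```python
import ipaddress
from urllib.parse import urlparse

def is_loopback(addr):
    """True only for 'localhost' or a loopback IP; anything else counts as exposed."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostnames and address templates: treat as exposed

def audit_docker(cfg):
    """cfg is a parsed daemon.json; flag off-host TCP listeners lacking tlsverify."""
    return [f"docker: API listener {h} without tlsverify"
            for h in cfg.get("hosts", [])
            if urlparse(h).scheme == "tcp"
            and not is_loopback(urlparse(h).hostname or "")
            and not cfg.get("tlsverify", False)]

# Key holding the agent-wide bind address, and the assumed default when unset.
BIND = {"consul": ("client_addr", "127.0.0.1"), "nomad": ("bind_addr", "0.0.0.0")}

def audit_agent(tool, cfg):
    """cfg is a parsed JSON agent config for 'consul' or 'nomad'."""
    key, default = BIND[tool]
    http = cfg.get("addresses", {}).get("http") or cfg.get(key) or default
    findings = []
    if not cfg.get("acl", {}).get("enabled", False):
        findings.append(f"{tool}: ACLs disabled")
    exposed = [a for a in http.split() if not is_loopback(a)]
    if exposed:
        findings.append(f"{tool}: HTTP API bound to {', '.join(exposed)}")
    return findings

# Constructed sample configurations (not taken from any real environment).
DOCKER_BAD = {"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}
DOCKER_TLS = {"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": True}
NOMAD_DEFAULTS = {}
CONSUL_HARDENED = {"acl": {"enabled": True}, "client_addr": "127.0.0.1"}

if __name__ == "__main__":
    for finding in (audit_docker(DOCKER_BAD) + audit_docker(DOCKER_TLS)
                    + audit_agent("nomad", NOMAD_DEFAULTS)
                    + audit_agent("consul", CONSUL_HARDENED)):
        print(finding)
```

A non-loopback bind is reported even when ACLs are on, so that each exposed listener gets a deliberate review rather than a silent pass.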