Detecting new crypto mining attack targeting Kubeflow and TensorFlow

A large-scale attack targeting Kubeflow instances to deploy malicious TensorFlow pods for Monero cryptocurrency mining in Kubernetes environments has been identified by Microsoft. Kubeflow and TensorFlow, popular open-source frameworks for machine learning tasks, provide an ideal target due to their high processing power and GPU access. The attack exploits the configuration of Kubeflow dashboards exposed online via the Istio ingress gateway, allowing attackers to deploy TensorFlow images and execute malicious code without detection. Although the value of cryptocurrency has decreased, such attacks remain prevalent, exploiting legitimate images within machine learning clusters to maximize computational gains. Detection and mitigation strategies include implementing strong authentication mechanisms, keeping management dashboards private, and using tools like Falco and infrastructure monitoring to detect unusual resource usage and suspicious activities.