Light Dark
April 7, 2020 By Shane Schick 2 min read

A misconfigured API port has led to a months-long campaign in which cybercriminals have been launching daily Kinsing malware attacks that number in the thousands, according to security researchers.

Directed at enterprises operating container environments, the cryptocurrency miner exploits the API port on a host running Ubuntu and then tries to infect an ever-larger number of hosts, a report from Aqua Security noted.

Hackers rigged the Ubuntu container to clear logs, eliminate other malicious software and disable security protections. Once those tasks have been completed, the Kinsing malware download begins in order to mine for cryptocurrency on the compromised container.

An Ambitious Attack Scheme

Researchers said the exploit attempts to continue infecting other parts of the container network by using SSH credentials it collects along the way.

This allows cybercriminals to test an extensive number of key combinations and user account possibilities, researchers added. If successful, a shell script then places the cryptocurrency miner on the infected host.

The investigation traced the origins of the campaign to Eastern Europe, where command-and-control (C&C) servers split the various functions required to manage the attacks. While miners can be designed for many different kinds of cryptocurrencies, the target, in this case, is bitcoin, researchers said.

Although the campaign was described in the report as ambitious, researchers suggested that the rise of cloud-native environments and the increased use of containers will make more cybercriminals follow similarly sophisticated approaches.

Don’t Let Kinsing Lead to Crypto-Mining

The obvious step for anyone vulnerable to an attack is to conduct a thorough review of their container environments. This should include looking for suspicious user activity in log files and checking for any areas where least privilege settings should be, but haven’t been, enforced.

Beyond that, organizations need to recognize where container security responsibilities lie. Some areas may be dealt with by providers but others — including vulnerability management and continuous event monitoring — should be directly under the IT security team’s control.

 |  |  |  |  |  |  |  |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

November 22, 2024

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

November 21, 2024

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature