{"id":709,"date":"2020-04-08T00:00:00","date_gmt":"2020-04-08T00:00:00","guid":{"rendered":"https:\/\/azure.microsoft.com\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters"},"modified":"2023-05-11T15:26:49","modified_gmt":"2023-05-11T22:26:49","slug":"detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters","status":"publish","type":"post","link":"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/","title":{"rendered":"Detect large-scale cryptocurrency mining attack against Kubernetes clusters"},"content":{"rendered":"<p>Azure Security Center&#8217;s threat protection enables you to detect and prevent threats across a wide variety of services from the Infrastructure as a Service (IaaS) layer to Platform as a Service (PaaS) resources in Azure, such as IoT, App Service, and on-premises virtual machines.<\/p>\n<p>At Ignite 2019, we announced\u00a0<a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-security-center\/ignite-2019-releases-for-azure-security-center-and-azure\/ba-p\/975570\" target=\"_blank\" rel=\"noopener\">new threat protection capabilities<\/a> to counter sophisticated threats on cloud platforms, including preview for <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/azure-kubernetes-service-integration\" target=\"_blank\" rel=\"noopener\">threat protection for Azure Kubernetes Service (AKS) Support in Security Center<\/a> and preview for <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/azure-container-registry-integration\" target=\"_blank\" rel=\"noopener\">vulnerability assessment for Azure Container Registry (ACR) images<\/a>.<\/p>\n<h2>Azure Security Center and Kubernetes clusters\u00a0<\/h2>\n<p>In this blog, we describe a large-scale cryptocurrency mining attack against Kubernetes clusters that was recently discovered by\u00a0<a 
href=\"https:\/\/azure.microsoft.com\/en-us\/services\/security-center\/\" target=\"_blank\" rel=\"noopener\">Azure Security Center<\/a>. This is one of many examples of how Azure Security Center can help you protect your Kubernetes clusters from threats.<\/p>\n<p>Crypto mining attacks in containerized environments aren\u2019t new. In Azure Security Center, we regularly detect a wide range of mining activities that run inside containers. Usually, those activities run inside vulnerable containers, such as web applications with known vulnerabilities that have been exploited.<\/p>\n<p>Recently, Azure Security Center detected a new crypto mining campaign that specifically targets Kubernetes environments. What distinguishes this attack from other crypto mining attacks is its scale: within only two hours, a malicious container was deployed on tens of Kubernetes clusters.<\/p>\n<p>The containers ran an image from a public repository: <strong>kannix\/monero-miner<\/strong>.\u00a0This image runs XMRig, a very popular open source Monero miner.<\/p>\n<p>The telemetry showed that the container was deployed by a <a href=\"https:\/\/kubernetes.io\/docs\/concepts\/workloads\/controllers\/deployment\/\" target=\"_blank\" rel=\"noopener\">Kubernetes Deployment<\/a> named <code>kube-control<\/code>.<\/p>\n<p>As shown in the Deployment configuration below, the Deployment in this case ensures that 10 replicas of the pod run on each cluster:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"KB cluster2\" height=\"768\" src=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2020\/04\/d8b54b28-e0d9-4ceb-9b70-d62a3667d974.webp\" title=\"KB cluster2\" width=\"435\"><\/p>\n<p>\nIn addition, the same actor that deployed the crypto mining containers also enumerated the cluster resources, including Kubernetes secrets. 
This might lead to exposure of connection strings, passwords, and other secrets, which might enable lateral movement.<\/p>\n<p>The interesting part is that the identity in this activity is <code>system:serviceaccount:kube-system:kubernetes-dashboard<\/code>, which is the dashboard\u2019s service account.<br \/>\nThis fact indicates that the malicious container was deployed by the Kubernetes dashboard. The resource enumeration was also initiated by the dashboard\u2019s service account.<\/p>\n<p>There are three options for how an attacker can take advantage of the Kubernetes dashboard:<\/p>\n<ol>\n<li>Exposed dashboard: The cluster owner exposed the dashboard to the internet, and the attacker found it by scanning.<\/li>\n<li>The attacker gained access to a single container in the cluster and used the internal networking of the cluster to access the dashboard (which is possible by the default behavior of Kubernetes).<\/li>\n<li>Legitimate browsing to the dashboard using cloud or cluster credentials.<\/li>\n<\/ol>\n<p>The question is: which one of the three options above was involved in this attack? To answer this question, we can use a hint that Azure Security Center gives: security alerts on the exposure of the Kubernetes dashboard. Azure Security Center alerts when the Kubernetes dashboard is exposed to the Internet. 
The fact that this security alert was triggered on some of the attacked clusters implies that the access vector here is a dashboard exposed to the Internet.<\/p>\n<p>A representation of this attack on the <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/04\/02\/attack-matrix-kubernetes\/\" target=\"_blank\" rel=\"noopener\">Kubernetes attack matrix<\/a> would look like:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"kb cluster3\" height=\"386\" src=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2020\/04\/4bf8211f-e625-4912-8925-0fb84b90e257.webp\" title=\"kb cluster3\" width=\"1067\"><\/p>\n<h2>Avoiding cryptocurrency mining attacks<\/h2>\n<p>How could this be avoided?<\/p>\n<ol>\n<li>Do not expose the Kubernetes dashboard to the Internet: Exposing the dashboard to the Internet means exposing a management interface.<\/li>\n<li>Apply RBAC in the cluster: When RBAC is enabled, the dashboard\u2019s service account has by default very limited permissions which won\u2019t allow any functionality, including deploying new containers.<\/li>\n<li>Grant only necessary permissions to the service accounts: If the dashboard is used, make sure to apply only necessary permissions to the dashboard\u2019s service account. For example, if the dashboard is used for monitoring only, grant only \u201cget\u201d permissions to the service account.<\/li>\n<li>Allow only trusted images: Enforce deployment of only trusted containers, from trusted registries.<\/li>\n<\/ol>\n<h2>Learn more<\/h2>\n<p>Kubernetes is quickly becoming the new standard for deploying and managing software in the cloud. Few people have extensive experience with Kubernetes, and many focus only on general engineering and administration and overlook the security aspect. A Kubernetes environment needs to be configured carefully to be secure, making sure that no container-focused attack surface is left exposed to attackers. 
Azure Security Center provides:<\/p>\n<ol>\n<li>Discovery and Visibility: Continuous discovery of managed AKS instances within Security Center\u2019s registered subscriptions.<\/li>\n<li>Secure Score recommendations: Actionable items to help customers comply with security best practices in AKS as part of the customer\u2019s Secure Score, such as &#8220;Role-Based Access Control should be used to restrict access to a Kubernetes Service Cluster.&#8221;<\/li>\n<li>Threat Detection: Host and cluster-based analytics, such as \u201cA privileged container detected.&#8221;<\/li>\n<\/ol>\n<p>To learn more about AKS Support in Azure Security Center, please visit <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security-center\/azure-kubernetes-service-integration\" target=\"_blank\" rel=\"noopener\">the documentation here<\/a>.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Azure Security Center&#8217;s threat protection enables you to detect and prevent threats across a wide variety of services from Infrastructure-as-a-Service (IaaS) layer to Platform-as-a-Service (PaaS)\u2026.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","_alt_title":"","footnotes":"","msx_community_cta_settings":[]},"categories":[1474,1459],"tags":[],"audience":[3054,3057,3053,3056],"content-type":[],"product":[1472,1798],"tech-community":[],"topic":[],"coauthors":[312],"class_list":["post-709","post","type-post","status-publish","format-standard","hentry","category-analytics","category-security","audience-business-decision-makers","audience-data-professionals","audience-it-decision-makers","audience-it-implementors","product-azure-kubernetes-service-aks","product-azure-security-center"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - 
https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Detect large-scale cryptocurrency mining attack against Kubernetes clusters | Microsoft Azure Blog<\/title>\n<meta name=\"description\" content=\"Azure Security Center&#039;s threat protection enables you to detect and prevent threats across a wide variety of services from Infrastructure-as-a-Service (IaaS) layer to Platform-as-a-Service (PaaS)\u2026\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Detect large-scale cryptocurrency mining attack against Kubernetes clusters | Microsoft Azure Blog\" \/>\n<meta property=\"og:description\" content=\"Azure Security Center&#039;s threat protection enables you to detect and prevent threats across a wide variety of services from Infrastructure-as-a-Service (IaaS) layer to Platform-as-a-Service (PaaS)\u2026\" \/>\n<meta property=\"og:url\" content=\"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Azure Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/microsoftazure\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-08T00:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-11T22:26:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2020\/04\/d8b54b28-e0d9-4ceb-9b70-d62a3667d974.webp\" \/>\n<meta name=\"author\" content=\"Yossi Weizman\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta 
name=\"twitter:creator\" content=\"@azure\" \/>\n<meta name=\"twitter:site\" content=\"@azure\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Yossi Weizman\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/\"},\"author\":[{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/yossi-weizman\/\",\"@type\":\"Person\",\"@name\":\"Yossi Weizman\"}],\"headline\":\"Detect large-scale cryptocurrency mining attack against Kubernetes 
clusters\",\"datePublished\":\"2020-04-08T00:00:00+00:00\",\"dateModified\":\"2023-05-11T22:26:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/\"},\"wordCount\":794,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2020\/04\/d8b54b28-e0d9-4ceb-9b70-d62a3667d974.webp\",\"articleSection\":[\"Analytics\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/\",\"name\":\"Detect large-scale cryptocurrency mining attack against Kubernetes clusters | Microsoft Azure 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2020\/04\/d8b54b28-e0d9-4ceb-9b70-d62a3667d974.webp\",\"datePublished\":\"2020-04-08T00:00:00+00:00\",\"dateModified\":\"2023-05-11T22:26:49+00:00\",\"description\":\"Azure Security Center's threat protection enables you to detect and prevent threats across a wide variety of services from Infrastructure-as-a-Service (IaaS) layer to Platform-as-a-Service (PaaS)\u2026\",\"breadcrumb\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/#primaryimage\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2020\/04\/d8b54b28-e0d9-4ceb-9b70-d62a3667d974.webp\",\"contentUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2020\/04\/d8b54b28-e0d9-4ceb-9b70-d62a3667d974.webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog 
home\",\"item\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Analytics\",\"item\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/category\/analytics\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Detect large-scale cryptocurrency mining attack against Kubernetes clusters\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#website\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\",\"name\":\"Microsoft Azure Blog\",\"description\":\"Get the latest Azure news, updates, and announcements from the Azure blog. From product updates to hot topics, hear from the Azure experts.\",\"publisher\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\",\"name\":\"Microsoft Azure Blog\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp\",\"contentUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Azure 
Blog\"},\"image\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/microsoftazure\",\"https:\/\/x.com\/azure\",\"https:\/\/www.instagram.com\/microsoftdeveloper\/\",\"https:\/\/www.linkedin.com\/company\/16188386\",\"https:\/\/www.youtube.com\/user\/windowsazure\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/person\/c702e5edd662b328b49b7e1180cab117\",\"name\":\"shakir\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g7664e653ea371ce16eaf75e9fa8952c4\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g\",\"caption\":\"shakir\"},\"sameAs\":[\"https:\/\/azure.microsoft.com\"],\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/shakir\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Detect large-scale cryptocurrency mining attack against Kubernetes clusters | Microsoft Azure Blog","description":"Azure Security Center's threat protection enables you to detect and prevent threats across a wide variety of services from Infrastructure-as-a-Service (IaaS) layer to Platform-as-a-Service (PaaS)\u2026","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/","og_locale":"en_US","og_type":"article","og_title":"Detect large-scale cryptocurrency mining attack against Kubernetes clusters | Microsoft Azure Blog","og_description":"Azure Security Center's threat protection enables you to detect and prevent threats across a wide variety of services from Infrastructure-as-a-Service (IaaS) layer to Platform-as-a-Service (PaaS)\u2026","og_url":"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/","og_site_name":"Microsoft Azure Blog","article_publisher":"https:\/\/www.facebook.com\/microsoftazure","article_published_time":"2020-04-08T00:00:00+00:00","article_modified_time":"2023-05-11T22:26:49+00:00","og_image":[{"url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2020\/04\/d8b54b28-e0d9-4ceb-9b70-d62a3667d974.webp","type":"","width":"","height":""}],"author":"Yossi Weizman","twitter_card":"summary_large_image","twitter_creator":"@azure","twitter_site":"@azure","twitter_misc":{"Written by":"Yossi Weizman","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/#article","isPartOf":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/"},"author":[{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/yossi-weizman\/","@type":"Person","@name":"Yossi Weizman"}],"headline":"Detect large-scale cryptocurrency mining attack against Kubernetes clusters","datePublished":"2020-04-08T00:00:00+00:00","dateModified":"2023-05-11T22:26:49+00:00","mainEntityOfPage":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/"},"wordCount":794,"commentCount":0,"publisher":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/#primaryimage"},"thumbnailUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2020\/04\/d8b54b28-e0d9-4ceb-9b70-d62a3667d974.webp","articleSection":["Analytics","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/","name":"Detect large-scale cryptocurrency mining attack against Kubernetes clusters | Microsoft Azure 
Blog","isPartOf":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/#primaryimage"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/#primaryimage"},"thumbnailUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2020\/04\/d8b54b28-e0d9-4ceb-9b70-d62a3667d974.webp","datePublished":"2020-04-08T00:00:00+00:00","dateModified":"2023-05-11T22:26:49+00:00","description":"Azure Security Center's threat protection enables you to detect and prevent threats across a wide variety of services from Infrastructure-as-a-Service (IaaS) layer to Platform-as-a-Service (PaaS)\u2026","breadcrumb":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/#primaryimage","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2020\/04\/d8b54b28-e0d9-4ceb-9b70-d62a3667d974.webp","contentUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2020\/04\/d8b54b28-e0d9-4ceb-9b70-d62a3667d974.webp"},{"@type":"BreadcrumbList","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog 
home","item":"https:\/\/azure.microsoft.com\/en-us\/blog\/"},{"@type":"ListItem","position":2,"name":"Analytics","item":"https:\/\/azure.microsoft.com\/en-us\/blog\/category\/analytics\/"},{"@type":"ListItem","position":3,"name":"Detect large-scale cryptocurrency mining attack against Kubernetes clusters"}]},{"@type":"WebSite","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#website","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/","name":"Microsoft Azure Blog","description":"Get the latest Azure news, updates, and announcements from the Azure blog. From product updates to hot topics, hear from the Azure experts.","publisher":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/azure.microsoft.com\/en-us\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization","name":"Microsoft Azure Blog","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp","contentUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp","width":512,"height":512,"caption":"Microsoft Azure 
Blog"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/microsoftazure","https:\/\/x.com\/azure","https:\/\/www.instagram.com\/microsoftdeveloper\/","https:\/\/www.linkedin.com\/company\/16188386","https:\/\/www.youtube.com\/user\/windowsazure"]},{"@type":"Person","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/person\/c702e5edd662b328b49b7e1180cab117","name":"shakir","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g7664e653ea371ce16eaf75e9fa8952c4","url":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g","caption":"shakir"},"sameAs":["https:\/\/azure.microsoft.com"],"url":"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/shakir\/"}]}},"msxcm_display_generated_audio":false,"msxcm_animated_featured_image":null,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Azure 
Blog","distributor_original_site_url":"https:\/\/azure.microsoft.com\/en-us\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/709","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/comments?post=709"}],"version-history":[{"count":1,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/709\/revisions"}],"predecessor-version":[{"id":44368,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/709\/revisions\/44368"}],"wp:attachment":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/media?parent=709"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/categories?post=709"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/tags?post=709"},{"taxonomy":"audience","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/audience?post=709"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/content-type?post=709"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/product?post=709"},{"taxonomy":"tech-community","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/tech-community?post=709"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/topic?post=709"},{"taxonomy":"author","embeddable":true,"href":"h
ttps:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/coauthors?post=709"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}