Law enforcers say that this is an illegal mining farm they discovered on the territory of the country: as a result, almost 5,000 pieces of equipment were seized. So, during searches at farm and at the address of residence of its organizers, 3,800 game consoles were seized (as you can see in the photo, this is a PlayStation 4), more than 500 video cards, 50 processors, as well as documentation on electricity consumption accounting, phones, flash drives and so on.

According to preliminary data, the sum of losses from the operation of such a farm could be from 5 to 7 million UAH ($183-256 thousand) per month. At the same time, the “leakage” of such an amount of electricity could lead to poor consequences, for example, some quarters of Vinnitsa could remain without electricity.

Representatives of Vinnitsaoblenergo JSC have already stated that the company had nothing to do with an illegal farm, and “equipment designed for cryptocurrency mining has never worked in the premises belonging to the company”.

Interestingly, the local media writes that law enforcement officers most likely found not a mining farm, but a farm of game bots (hence the abundance of PlayStation 4 Slim, which are not very good for mining), which, for example, could grind the in-game currency and upgrade accounts for the football simulator FIFA.

The SBU representatives confirmed that the attackers bred bots to sell accounts in FIFA 21. The bots actually earned in-game currency during the time spent in the game, then to spend it on cards with football players in Ultimate Team mode, and then they sold accounts with decent sets of rare cards at various trading platforms. And such a product is in great demand, because the legal receipt of the strongest cards requires tenfold, even hundredfold higher sums compared to a quick purchase of an already pumped account.

It is still unknown whether the owners of the bot farm managed to recoup their investments – more than 30,000,000 hryvnia (more than $1 million) were spent on the consoles only, not forgetting about half a thousand video cards.

Criminal proceedings under Part 2 of Art. 188-1 (theft of water, electrical or thermal energy through its unauthorized use) has already been opened. Attackers face up to three years in prison.

Let me remind you that I also talked about the fact that the Ukrainian cyber police in cooperation with Binance detained operators of 20 cryptocurrency exchangers.

The post Ukrainian law enforcement discovered a mining farm consisting of thousands of PlayStation 4 consoles appeared first on Gridinsoft Blog.

Criminals use them to deploy malicious containers that mine Monero and Ethereum cryptocurrencies.

Researchers say the attacks appear to be a continuation of a campaign that was discovered last April. Although that campaign peaked in June and then dwindled, new attacks began in late May 2021 when researchers noticed a sudden increase in deployments of the open source machine learning library TensorFlow, adapted for mining.

In this case, deployments in different clusters occurred simultaneously.

Although the pods used by the hackers were taken from the official Docker Hub repository, they were modified to mine cryptocurrency. At the same time, all pods are named according to the sequential-pipeline-{random pattern} pattern, which now makes it quite easy to detect possible compromises.

According to the company, in order to gain access to clusters and deploy miners to them, attackers search the network for incorrectly configured and publicly available Kubeflow dashboards that should be open only for local access.

Attackers deploy at least two separate modules on each of the compromised clusters: one for CPU mining and the other for GPU mining. So, XMRig is used to mine Monero using a CPU, and Ethminer is used to mine Ethereum on a GPU.

Microsoft recommends that administrators always enable authentication on Kubeflow dashboards if they cannot be isolated from the internet and control their environments (containers, images, and the processes they run).

Let me remind you that I wrote that Microsoft developed a SimuLand lab environment for simulating cyberattacks.

The post Microsoft warns of mining attacks on Kubernetes clusters appeared first on Gridinsoft Blog.