Kinsing malware exploiting misconfigured and exposed PostgreSQL servers

The Kinsing malware is now actively infringing Kubernetes clusters, according to Microsoft’s Defender, by utilizing known flaws in container images and malfunctioning, exposed PostgreSQL containers.

“Recently, we identified a widespread campaign of Kinsing that targeted vulnerable versions of WebLogic servers,” reads a report by Microsoft security researcher Sunders Bruskin.

“Attacks start with scanning of a wide range of IP addresses, looking for an open port that matches the WebLogic default port (7001).”

The most recent attack represents an increase in the use of two methods by Kinsing operators to gain initial access to a Linux server: exploiting a vulnerability in container images or misconfigured PostgreSQL database servers.

The attackers are now said to be exploiting PostgreSQL server misconfigurations to co-opt the Kinsing actor and gain an initial foothold, with the company observing a “large number of clusters” infected in this manner.

The misconfiguration is related to a trust authentication setting, which could be abused to connect to the servers without any authentication and achieve code execution if the option to accept connections from any IP address is enabled.

“In general, allowing access to a broad range of IP addresses is exposing the PostgreSQL container to a potential threat,” Bruskin explained.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web