BACKGROUND:
A new piece of malware has been designed to compromise Kubernetes and create backdoors into businesses. It has been active for more than a year, compromising Windows containers in order to compromise Kubernetes clusters, and uses various container escape tactics to achieve code execution on the underlying Kubernetes node.
<p>Even though Windows containers are less popular than Linux ones (and teams should use Hyper-V containers), this awesome attack illustrates an escape from container to host and a technique for spreading across Kubernetes clusters. It highlights the importance for security teams of discovering easily attacked workloads and keeping Kubernetes configurations hardened. Kubernetes clusters are very handy for mining cryptocurrency, which pays for the sophistication of the attack's obfuscation.</p>
<p>Enterprises adopt cloud native strategies because they want to accelerate their ability to innovate. Unfortunately, most organizations struggle with the right level of data security to avoid compromise with cloud native application architectures. Malware like Siloscape complicates this endeavor by striking at the core of containerization and creates real hesitation on the part of cloud native development efforts, threatening to slow down these processes and defeat the very agility these organizations seek. Malware threats set up a false choice between being nimble and being cautious and secure with sensitive data.</p>
<p>This is no surprise. This is yet another example of hackers targeting developer pipelines and underlying cloud infrastructures, a trend that continues to rise. We are seeing several examples of attackers shifting left of developers. Targeting Kubernetes is a smart move, as it is quickly being established as <i>the</i> business operating system of the next decade. Especially alarming is that attackers are now using malware to scour Kubernetes clusters for machine identities – like TLS certificates. Attackers are also preying on weak supply chain controls in Kubernetes, where any code can run – unlike an iPhone or Android phone, which rely on machine identities to know what ‘good’ or ‘bad’ code is. Security teams have a long way to go in keeping up. There’s no time like now to start; this is just the beginning!</p>