New Kubernetes Malware Backdoors Clusters Via Windows Containers, Expert Weighs In

BACKGROUND:

A new malware strain is designed to compromise Kubernetes and create backdoors into businesses. It has been active for more than a year and compromises Windows containers to reach Kubernetes clusters, using various container escape tactics to achieve code execution on the underlying Kubernetes node.

Expert Comments

June 08, 2021
Sergio Loureiro
Cloud Security Director
Outpost24

Even if Windows containers are less popular than Linux (and teams should use Hyper-V containers), this awesome attack illustrates an escape from containers to host and a technique to spread to Kubernetes clusters, therefore highlighting the importance for security teams of discovering easy-to-attack workloads and keeping hardened Kubernetes configurations. Kubernetes clusters are very handy to mine cryptocurrency and will pay for the sophistication of the attack obfuscation.

June 08, 2021
Trevor Morgan
Product Manager
comforte AG

Enterprises adopt cloud native strategies because they want to accelerate their ability to innovate. Unfortunately, most organizations struggle with the right level of data security to avoid compromise with cloud native application architectures. Malware like Siloscape complicates this endeavor by striking at the core of containerization and creates real hesitation on the part of cloud native development efforts, threatening to slow down these processes and defeat the very agility these organizations seek. Malware threats set up a false choice between being nimble and being cautious and secure with sensitive data.

June 08, 2021
Kevin Bocek
VP Security Strategy & Threat Intelligence
Venafi

This is no surprise. This is yet another example of hackers targeting developer pipelines and underlying cloud infrastructures, a trend that is continuing to rise. We are seeing several examples that attackers are shifting left of developers. Targeting Kubernetes is a smart move, as it is being quickly established as the business operating system of the next decade. Especially alarming is that attackers are now using malware to scour Kubernetes clusters for machine identities – like TLS certificates. Attackers are also preying on weak supply chain controls in Kubernetes, where any code can run – unlike an iPhone or Android phone, which rely on machine identities to know what ‘good’ or ‘bad’ code is. Security teams have a long way to go to keep up. There’s no time like now to start; this is just the beginning!
