New Kubernetes Malware Backdoors Clusters Via Windows Containers, Expert Weighs In

BACKGROUND:

A new malware strain has been designed to compromise Kubernetes and create backdoors into businesses. It has been active for more than a year and compromises Windows containers in order to compromise the Kubernetes clusters they run on, using various container-escape tactics to achieve code execution on the underlying Kubernetes node.

Sergio Loureiro , Cloud Security Director
InfoSec Expert
June 8, 2021 12:45 pm

Even if Windows containers are less popular than Linux (and teams should use Hyper-V containers), this awesome attack illustrates an escape from containers to host and a technique to spread to Kubernetes clusters. This highlights the importance for security teams of discovering easy-to-attack workloads and keeping Kubernetes configurations hardened. Kubernetes clusters are very handy to mine cryptocurrency and will pay for the sophistication of the attack obfuscation.

Trevor Morgan , Product Manager
InfoSec Expert
June 8, 2021 12:43 pm

Enterprises adopt cloud native strategies because they want to accelerate their ability to innovate. Unfortunately, most organizations struggle with the right level of data security to avoid compromise with cloud native application architectures. Malware like Siloscape complicates this endeavor by striking at the core of containerization and creates real hesitation on the part of cloud native development efforts, threatening to slow down these processes and defeat the very agility these organizations seek. Malware threats set up a false choice between being nimble and being cautious and secure with sensitive data.

Kevin Bocek , VP Security Strategy & Threat Intelligence
InfoSec Expert
June 8, 2021 12:09 pm

This is no surprise. This is yet another example of hackers targeting developer pipelines and underlying cloud infrastructures, a trend that is continuing to rise. We are seeing several examples of attackers shifting left of developers. Targeting Kubernetes is a smart move, as it is being quickly established as the business operating system of the next decade. Especially alarming is that attackers are now using malware to scour Kubernetes clusters for machine identities, like TLS certificates. Attackers are also preying on weak supply chain controls in Kubernetes, where any code can run, unlike an iPhone or Android phone, which rely on machine identities to know what 'good' or 'bad' code is. Security teams have a long way to go in keeping up. There's no time like now to start; this is just the beginning!
