New Kubernetes Malware Backdoors Clusters Via Windows Containers, Expert Weighs In

By   ISBuzz Team
Writer , Information Security Buzz | Jun 08, 2021 04:07 am PST


A new malware designed to compromise Kubernetes and create backdoors into businesses. This new malware has been active for more than a year and is compromising Windows containers to compromise Kubernetes clusters, using various container escape tactics to achieve code execution on the underlying Kubernetes node.

Notify of
3 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Sergio Loureiro
Sergio Loureiro , Cloud Security Director
June 8, 2021 12:45 pm

<p>Even if Windows containers are less popular than Linux (and teams should use Hyper-V containers), this awesome attack illustrates an escape from containers to host and a technique to spread to Kubernetes clusters. Therefore highlighting the importance for security teams to discover easy to attack workloads and keeping hardened Kubernetes configurations. Kubernetes clusters are very handy to mine cryptocurrency and will pay for the sophistication of the attack obfuscation.</p>

Last edited 2 years ago by Sergio Loureiro
Trevor Morgan
Trevor Morgan , Product Manager
June 8, 2021 12:43 pm

<p>Enterprises adopt cloud native strategies because they want to accelerate their ability to innovate. Unfortunately, most organizations struggle with the right level of data security to avoid compromise with cloud native application architectures. Malware like Siloscape complicates this endeavor by striking at the core of containerization and creates real hesitation on the part of cloud native development efforts, threatening to slow down these processes and defeat the very agility these organizations seek. Malware threats set up a false choice between being nimble and being cautious and secure with sensitive data.</p>

Last edited 2 years ago by Trevor Morgan
Kevin Bocek
Kevin Bocek , VP Security Strategy & Threat Intelligence
June 8, 2021 12:09 pm

<p>This is no surprise. This is yet another example of hackers targeting developer pipelines and underlying cloud infrastructures, a trend that is continuing the rise. We are seeing several examples that attackers are shifting left of developers. Targeting Kubernetes is a smart move, as it is being quickly established as <i>the</i> business operating system of the next decade. Especially alarming is that attackers are now using malware to scour Kubernetes clusters for machine identities – like TLS certificates. Attackers are also preying on weak supply chain controls in Kubernetes, where any code can run – unlike an iPhone or Android phone, which rely on machine identities to know what ‘good’ or ‘bad’ code is. Security teams have a long way to go in keep up. There’s no time like now to start; this is just the beginning!</p>

Last edited 2 years ago by Kevin Bocek

Recent Posts

Would love your thoughts, please comment.x