Nasty new malware abuses Windows containers to breach cloud environments

Roughly two dozen active campaigns identified, say researchers


Cybersecurity researchers have shared information about a “first-of-its-kind” malware designed specifically to target Kubernetes clusters that run Windows containers.

Researchers at Unit 42, the threat intelligence team at Palo Alto Networks, have named the malware Siloscape, since its main goal is to escape Windows containers.

“Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers. Its main purpose is to open a backdoor into poorly configured Kubernetes clusters in order to run malicious containers,” said Unit 42, in its detailed analysis of the malware.

The researchers managed to access the malware’s command and control (C2) server, which revealed that Siloscape had compromised about two dozen victims, with campaigns against them still active at the time.

Severe malware

Cloud malware isn’t new, especially given the rise of cloud computing. However, the Unit 42 researchers believe what makes Siloscape more dangerous than others is that it opens a backdoor that can be used for all kinds of malicious activities.

They argue that compromising an entire cluster is a lot more severe than compromising an individual container, since a cluster typically runs several cloud applications.

For example, ransomware authors could leverage Siloscape to take over all files hosted inside a cluster.

Furthermore, since many companies use Kubernetes clusters as their development and testing environments, the researchers warned that Siloscape could even be used to orchestrate supply chain campaigns.

“Siloscape shows us the importance of container security, as the malware wouldn’t be able to cause any significant damage if not for the container escape. It is critical that organizations keep a well-configured and secured cloud environment to protect against such threats,” the researchers conclude.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
