Quote:Windows containers have been victimized for over a year by the first known malware to target Windows containers. The ongoing campaign pierces Kubernetes clusters so as to plant backdoors, allowing attackers to steal data and user credentials, or even hijack an entire databases hosted in a cluster
The malware was discovered by Unit 42 security researcher Daniel Prizmant. He dubbed it Siloscape, which he pronounces “Silo escape.” The malware pries open known vulnerabilities in web servers and databases so as to compromise Kubernetes nodes and to backdoor clusters.
In a post published on Monday, Prizmant wrote that Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers, with the main purpose of opening “a backdoor into poorly configured Kubernetes clusters in order to run malicious containers.”
In a separate post, Unit 42 researchers Ariel Zelivansky and Matthew Chiodi compared containers to those used to package different materials together on cargo ships. They’re an easy way to run applications in the cloud, in that they pack different materials together for greater efficiency, allowing development teams to move fast and operate “at almost any scale.”
Running an application in a container this way is referred to as containerization, and like other remote ways to work, it’s picked up steam due to COVID-19. “We’ve seen more and more organizations using containers in the cloud in recent years, especially since the COVID-19 pandemic caused many to seek to move faster and deploy cloud workloads more efficiently,” the researchers noted.
Read more: Windows Container Malware Targets Kubernetes | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
