A new threat puts Windows containers at risk
This new malware stands out for being able to exploit Windows containers. It can compromise Kubernetes clusters, with the goal of letting attackers in so that they can carry out their cyber attacks.
Keep in mind that Kubernetes was initially developed by Google. It is an open source system that lets you automate different tasks and control containerized applications. It lets you organize those containers into pods, nodes, or clusters.
These attacks deploy malware known as Siloscape. It is known for being the first to target Windows containers, and it exploits different known vulnerabilities that may exist in web servers or databases.
The main objective is to open a back door
We can say that its main objective is to open a back door in badly configured Kubernetes clusters and thus exploit them maliciously. Once it compromises the servers, it is able to execute malicious code on the Kubernetes nodes.
This way it can obtain the credentials needed to spread malware to other nodes. Subsequently, the Siloscape malware establishes contact with its command and control server via the Tor anonymity network.
However, security researchers have indicated that this malware is just a small part of a much larger network that has been attacking for over a year.
All of this can expose victims to a wide variety of attacks, such as ransomware. Many of these attacks focus on secretly mining cryptocurrencies or launching DDoS attacks, but in the case of Siloscape it is different.
The main objective, as we have indicated, is to create a back door in the Kubernetes clusters. In this way, it gives the attackers free rein.
The advice from security researchers is for users to make sure they have clusters correctly configured and updated to avoid problems of this kind. They also offer the alternative of using other options, such as Hyper-V containers.
As we always say, it is very important to keep equipment correctly updated. There are many security problems, vulnerabilities and failures that can be exploited by third parties. Hence, we must always keep devices on the latest versions and not make any kind of mistake. This is something we must apply regardless of the operating system we are using, as well as the type of program.
In short, researchers have detected a new malware capable of exploiting Windows containers. Security researchers have recommended taking the steps we have described to avoid becoming a victim of this problem.