Security News > 2021 > June > New Kubernetes malware backdoors clusters via Windows containers

New Kubernetes malware backdoors clusters via Windows containers
2021-06-07 10:51

New malware active for more than a year is compromising Windows containers to compromise Kubernetes clusters with the end goal of backdooring them and paving the way for attackers to abuse them in other malicious activities.

It organizes app containers into pods, nodes, and clusters, with multiple nodes forming clusters managed by a master which coordinates cluster-related tasks such as scaling or updating apps.

The malware, dubbed Siloscape by Unit 42 security researcher Daniel Prizmant and the first one to target Windows containers, exploits known vulnerabilities impacting web servers and databases with the end goal of compromising and backdooring Kubernetes clusters.

"Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers. Its main purpose is to open a backdoor into poorly configured Kubernetes clusters in order to run malicious containers," Prizmant said in a report published today.

Compromised nodes are then probed for credentials that allow the malware to spread to other nodes in the Kubernetes cluster.

Kubernetes admins are advised to switch from Windows containers to Hyper-V containers and ensure that their cluster is securely configured to prevent malware like Siloscape from deploying new malicious containers.


News URL

https://www.bleepingcomputer.com/news/security/new-kubernetes-malware-backdoors-clusters-via-windows-containers/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kubernetes 19 5 45 34 8 92