For the first time ever, cybersecurity researchers have identified malware designed specifically to target Windows containers.
The malware was discovered by researchers from security firm Palo Alto Networks, who named it Siloscape because its main goal is to escape the Windows container. From there, it aims to open backdoors into poorly configured Kubernetes clusters.
In a blog post, researcher Daniel Prizmant said he wasn’t all that surprised to find the new strain in the wild, given the recent “massive surge” in cloud adoption.
Upon further investigation, it was found that Siloscape is “just a small part” of a larger network that has been running for more than a year and is still active. The malware uses the Tor proxy and a .onion domain to connect anonymously to its C&C server. Palo Alto managed to access that server and discovered 23 active infections.
Discussing the severity of the problem, Prizmant explained that a compromised cluster is far more dangerous than a single breached container, because it allows attackers to steal a vast number of login credentials and confidential files.
“Such an attack could even be leveraged as a ransomware attack by taking the organization’s files hostage,” he added.