There are many security threats that could affect our devices in one way or another. Attackers constantly refine their techniques and find ways to bypass security measures, so we must always be prepared to protect ourselves adequately. In this article we report on a new malware capable of attacking Windows containers.
A new threat puts Windows containers at risk
This new malware stands out for being able to exploit Windows containers. It can compromise Kubernetes clusters, with the aim of letting attackers in so that they can carry out their attacks.
Keep in mind that Kubernetes was initially developed by Google. It is an open source system that allows you to automate different tasks and control containerized applications. It lets you organize those containers into pods, nodes, or clusters.
These attacks deploy a malware known as Siloscape. It is known as the first malware to target Windows containers, and it can exploit known vulnerabilities that may exist in web servers or databases.
The main objective is to open a back door
Its main objective is to open a back door in poorly configured Kubernetes clusters so that they can be exploited maliciously. Once it compromises the servers, it is capable of executing malicious code on the Kubernetes nodes.
This way it can obtain the credentials needed to spread the malware to other nodes. Subsequently, the Siloscape malware establishes contact with its command and control server via the anonymous Tor network.
However, security researchers have indicated that this malware is only a small part of a much larger network that has been attacking for more than a year.
All of this can expose victims to a wide variety of attacks, such as ransomware. Many of these attacks focus on secretly mining cryptocurrencies or launching DDoS attacks, but in the case of Siloscape it is different.
The main goal, as we have indicated, is to create a backdoor in the Kubernetes clusters. In this way, it gives free rein to the attackers.
The advice given by security researchers is for users to make sure their clusters are properly configured and up to date to avoid problems of this kind. They also suggest alternatives, such as Hyper-V containers.
As we always say, it is very important to keep equipment properly updated. There are many security problems, vulnerabilities and flaws that can be exploited by third parties. Hence, we must always keep devices on the latest versions and not make any kind of mistake. This is something that we must apply regardless of the operating system we are using, as well as the type of program.
In short, researchers have detected a new malware capable of exploiting Windows containers, and they recommend taking the steps described above to avoid falling victim to this problem.