Researchers at Palo Alto Unit 42 have discovered what they think is the first malware strain known to target Windows cloud containers.
In new research unveiled June 7, senior security researcher Daniel Prizmant wrote that the malware, called Siloscape, attacks misconfigured Kubernetes clusters and allows for the creation of malicious containers that a threat actor could then leverage to gain backdoor access to a victim network as well as remote code execution privileges.
Siloscape is extremely stealthy, using code obfuscation and communicating with its command and control server over the anonymous Tor network to hide its presence. Researchers have found more than 23 Siloscape victims thus far and Matt Chiodi, chief security officer for public cloud at Palo Alto Networks, told SC Media in an interview that the evidence indicates this campaign has been underway for more than a year.
"Whoever developed it… they are using it as a low and slow campaign for something much greater in the future," said Chiodi.
Because Siloscape targets clusters rather than a single container, the malware opens the door to a number of potentially damaging scenarios.
By infecting an entire cluster, the malware’s reach can extend across multiple cloud applications, facilitate broad credentials theft, compromise entire databases or serve as a perch to encrypt for a ransomware attack. If the infected cluster is used for development or testing of software, it could also allow an attacker to carry out more damaging supply chain attacks on downstream users.
“Unlike most cloud malware, which mostly focuses on resource hijacking and denial of service (DoS), Siloscape doesn’t limit itself to any specific goal,” Prizmant wrote. “Instead, it opens a backdoor to all kinds of malicious activities.”
Similar to virtual machines, containers are often used in cloud environments as a way for organizations to test security policies and ensure interoperability within a larger cloud network, all while hiding the host operating system from whatever applications are running. However, the widespread assumption among IT security teams that containers can, like virtual machines, provide the same level of separation from the host system or network may be putting companies at risk.
Prizmant discovered a vulnerability last year that would allow an attacker to escape from a Windows container into the actual host network. However, he said Microsoft initially declined to classify it as a vulnerability since it doesn't consider containers a true security barrier that is separate from the larger host network or system.
After Google’s Project Zero released its own research demonstrating how an attacker could exploit similar flaws to damaging effect, Microsoft patched four privilege escalation vulnerabilities related to the problem in March 2021.
But even while demonstrating the need for patching in certain areas, Project Zero ultimately endorsed Microsoft’s original conclusion that users should not treat Windows containers as a true security boundary, saying it’s likely researchers have only scratched the surface when it comes to finding ways to exploit and escape them into a victim’s real environment.
“The decision by Microsoft to not support Windows Server Containers as a security boundary looks to be a valid one, as there’s just so much attack surface here,” wrote Project Zero’s James Forshaw in April, later adding “The official guidance for [Google Kubernetes Engine] is to not use Windows Server Containers in hostile multi-tenancy scenarios.”
Essentially, Microsoft and Google are telling users not to put anything on their Windows containers that they wouldn’t feel comfortable running on their live environment. Chiodi said there remains a substantial education gap around these risks among the broader community of companies and users that rely on containerization.
Like Project Zero, Chiodi also warned that the attack surface around this issue is broad, and this is likely the beginning of greater malware activity targeting Windows containers as copycats and other cybercriminals follow the trail blazed by Siloscape.
“There are many cybersecurity practitioners that are still not that familiar with the whole containerized security model. They think of it as a traditional [virtual machine] which it’s not, so I think there is an educational component,” said Chiodi in an interview.
Chiodi said it’s been less than two years since researchers started discovering malware targeting containers, and even then it was exclusively for Linux-based clouds. As Windows containers and Kubernetes has become more popular, it was only a matter of time before something like Siloscape was discovered in the wild. He thinks it could lead to a rush of other malware strains specifically geared towards Windows cloud containers in the future, and enterprises need to start paying more attention.
There’s no patch or upgrade available, but Unit 42 did offer indicators of compromise to aid with detection efforts. Beyond that, Chiodi said Palo Alto Networks is telling clients to follow Microsoft’s own guidance about how to safely use containers, limit the privileges of each node using Kubernetes authorization in order to reduce the malware’s reach, and ensure that other deployments and applications are fully updated and regularly scanned.