You’re invited to hear a live threat briefing with one of Unit 42’s elite threat researchers, Daniel Prizmant, who discovered the first known malware targeting Windows containers, named Siloscape. Matt Chiodi, CSO of Public Cloud at Palo Alto Networks, will interview Daniel about the Siloscape findings. Siloscape is an extremely stealthy malware that uses sophisticated code obfuscation techniques and communicates safely with its command and control (C2) server over the Tor network (open-source software for enabling anonymous communication, also known as the “Darknet”).
Unit 42 researchers have previously only seen malware targeting containers in Linux due to the popularity of that operating system in cloud environments. Unit 42 has identified 23 Siloscape victims and discovered evidence that the campaign has been taking place for more than a year. Siloscape targets Windows containers and opens up a backdoor to a Kubernetes cluster. This then gives an attacker access to run arbitrary code anywhere in the victim’s cluster.
With this access, an attacker could conduct a wide variety of attacks against an organization: for example, ransomware by locking/encrypting the cluster, cryptojacking by using cloud computing power, distributed denial of service (DDoS) by using cloud computing power as part of a botnet, and data exfiltration by stealing data within the cluster. Even if the infected container within the cluster gets shut down, the attacker is still in control. They can create new containers, execute code in existing containers or shut down others.
Join our live threat briefing to learn more about Siloscape and how to protect your enterprise.
Daniel started out his career developing hacks for video games and soon became a professional in the information security field. He is an expert in anything related to reverse engineering, vulnerability research and the development of fuzzers and other research tools. To this day, Daniel is passionate about reverse engineering video games at his leisure. Before joining Palo Alto Networks, Daniel was employed at CheckPoint, KayHut and Nyotron. Daniel holds a Bachelor of Computer Science from Ben Gurion University.
Matt Chiodi has nearly two decades of security leadership experience and is currently the Chief Security Officer of Public Cloud at Palo Alto Networks. He is a frequent blogger, podcaster, and speaker at industry events such as RSA. He currently leads the Unit 42 Cloud Threat team, which is an elite group of security researchers exclusively focused on public cloud concerns. He is also on faculty at IANS Research.