You’re invited to a live threat briefing with one of Unit 42’s elite threat researchers, Daniel Prizmant, who discovered Siloscape, the first known malware targeting Windows containers. Matt Chiodi, CSO of Public Cloud at Palo Alto Networks, will interview Daniel about the Siloscape findings. Siloscape is an extremely stealthy malware that uses sophisticated code obfuscation techniques and communicates with its command and control (C2) server over the Tor network (open-source software for enabling anonymous communication, also known as the “Darknet”).
Unit 42 researchers have previously only seen malware targeting containers in Linux due to the popularity of that operating system in cloud environments. Unit 42 has identified 23 Siloscape victims and discovered evidence that the campaign has been taking place for more than a year. Siloscape targets Windows containers and opens up a backdoor to a Kubernetes cluster. This then gives an attacker access to run arbitrary code anywhere in the victim’s cluster.
With this access, an attacker could conduct a wide variety of attacks against an organization: for example, ransomware by locking/encrypting the cluster, cryptojacking by using cloud computing power, distributed denial of service (DDoS) by using cloud computing power as part of a botnet, and data exfiltration by stealing data within the cluster. Even if the infected container within the cluster gets shut down, the attacker is still in control. They can create new containers, execute code in existing containers, or shut down others.
Join our live threat briefing to learn more about Siloscape and how to protect your enterprise.