Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
High
Siloscape (as in silo + escape) is a new malware that targets Windows containers. This comes as no surprise, since cloud adoption has escalated aggressively over the last few years. Siloscape is heavily obfuscated malware that targets Kubernetes clusters through Windows containers. Its aim is to open a backdoor into poorly configured Kubernetes clusters in order to run malicious containers.
Siloscape targets clusters rather than individual containers because clusters hold much more information, such as usernames and passwords for an entire organization, internal files, confidential data, and even entire databases. What’s worse, the attack could be escalated to ransomware instead of remaining a simple malware infection.
Another critical problem arises because many organizations moving to the cloud use Kubernetes clusters as their testing and development environments. A breach of such an environment can lead to devastating software supply chain attacks. The malware connects anonymously to a C2 (command and control) server through the Tor proxy, using a .onion domain.
Several techniques and behaviors characterize the malware:
The malware can also leverage Kubernetes computing resources for data exfiltration and crypto-jacking.
The IOCs attached are vendor IOCs for their own variant.