Nearly half a million Kubernetes servers left open to the Internet

A digital padlock on a blue digital background.
(Image credit: Shutterstock / vs148)

Hundreds of thousands of endpoints (opens in new tab) running Kubernetes API have been exposed to the internet, and so could potentially be vulnerable to virus deployment and other cyberattacks, new research has found.

A report from nonprofit organization The Shadowserver Foundation recently scanned a total of 454,729 systems hosting the container orchestration system, and found 84% to be accessible via the internet, at least to some degree. That’s a total of 381,654 systems. 

While being exposed to the internet does not automatically mean compromised, it is the first, and most important step, toward a data breach. What’s more all of these are most likely the result of misconfigurations, rather than intent.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab)

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.

Implementing authentication

After all, a recent security report found that most people using Kubernetes don’t know exactly what they’re doing.

"While this does not mean that these instances are fully open or vulnerable to an attack, it is likely that this level of access was not intended and these instances are an unnecessarily exposed attack surface," Shadowserver says in the blog post. "They also allow for information leakage on version and build."

Of all the accessible instances, 201,348 (53%) were located in the United States, the organization stated. It stressed that companies with internet-accessible Kubernetes API servers should implement some form of access authorization, or block access at the firewall (opens in new tab), to prevent possible data breaches and cyberattacks.

Kubernetes is a ten-year-old Google product for container management, both on-prem and in the public cloud, maintained by the Cloud Native Computing Foundation. 

Commercial versions are sold by multiple software companies. Amazon, Google, IBM, Microsoft, Oracle, Red Hat, SUSE, Platform9, and VMware, all offer Kubernetes-based platforms or infrastructure as a service (IaaS) that deploy Kubernetes.

It is extremely popular, being used by most companies worldwide, according to market analysts Statista.

Via: The Register (opens in new tab)

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.