Hundreds of thousands of endpoints (opens in new tab) running Kubernetes API have been exposed to the internet, and so could potentially be vulnerable to virus deployment and other cyberattacks, new research has found.
A report from nonprofit organization The Shadowserver Foundation recently scanned a total of 454,729 systems hosting the container orchestration system, and found 84% to be accessible via the internet, at least to some degree. That’s a total of 381,654 systems.
While being exposed to the internet does not automatically mean compromised, it is the first, and most important step, toward a data breach. What’s more all of these are most likely the result of misconfigurations, rather than intent.
After all, a recent security report found that most people using Kubernetes don’t know exactly what they’re doing.
“While this does not mean that these instances are fully open or vulnerable to an attack, it is likely that this level of access was not intended and these instances are an unnecessarily exposed attack surface,” Shadowserver says in the blog post. “They also allow for information leakage on version and build.”
Of all the accessible instances, 201,348 (53%) were located in the United States, the organization stated. It stressed that companies with internet-accessible Kubernetes API servers should implement some form of access authorization, or block access at the firewall (opens in new tab), to prevent possible data breaches and cyberattacks.
Kubernetes is a ten-year-old Google product for container management, both on-prem and in the public cloud, maintained by the Cloud Native Computing Foundation.
Commercial versions are sold by multiple software companies. Amazon, Google, IBM, Microsoft, Oracle, Red Hat, SUSE, Platform9, and VMware, all offer Kubernetes-based platforms or infrastructure as a service (IaaS) that deploy Kubernetes.
It is extremely popular, being used by most companies worldwide, according to market analysts Statista.