Hundreds of thousands of endpoints (opens in new tab) New research finds that running Kubernetes APIs are already exposed on the internet and thus may be vulnerable to virus deployments and other cyber-attacks.
A report by the nonprofit Shadowserver Foundation recently scanned 454,729 systems hosting container orchestration systems and found that 84 percent were at least somewhat accessible over the internet. There are 381,654 systems in total.
While exposure to the Internet doesn’t automatically mean compromise, it’s the first and most important step toward a data breach. What’s more, all of this is likely the result of misconfiguration, not intentional.
After all, a recent security report found that most people using Kubernetes don’t know exactly what they’re doing.
“While this does not mean these instances are fully open or vulnerable, it is likely that this level of access was not intended and these instances are unnecessarily exposing the attack surface,” Shadowserver said in a blog post. “They also allow information leakage about versions and builds.”
Of all accessible instances, 201,348 (53%) were located in the United States, the organization said.It emphasizes that companies with Kubernetes API servers with internet access should implement some form of access authorization, or block access at the firewall (opens in new tab)to prevent possible data breaches and cyber attacks.
Kubernetes is a 10-year-old Google container management product for container management in on-premises and public clouds, maintained by the Cloud Native Computing Foundation.
Commercial versions are sold by several software companies. Amazon, Google, IBM, Microsoft, Oracle, Red Hat, SUSE, Platform9, and VMware all offer Kubernetes-based platforms or Infrastructure as a Service (IaaS) to deploy Kubernetes.
According to market analyst Statista, it is very popular and used by most companies worldwide.