380K Kubernetes API Servers Exposed to Public Internet
According to the Shadowserver Foundation, which first discovered the security incident, more than 380,000 of 450,000 servers hosting Kubernetes, the open-source container-orchestration engine for managing cloud deployments, are vulnerable to third-party access. The popular engine is therefore an easy target, providing a broad attack surface for threat actors. Shadowserver discovered the exposed servers when it scanned the internet for Kubernetes API servers, and it released a blog post addressing the security concerns earlier this week.
Shadowserver found that the “open” API instances constituted nearly 84% of all instances that it scanned. In addition, roughly 53% of the exposed servers were located in the United States. Although this does not mean that every server is fully open or vulnerable to attacks, it has created an unnecessarily exposed attack surface, Shadowserver said. The findings are concerning given that attackers have been increasingly targeting Kubernetes cloud clusters and leveraging them to launch other attacks against cloud services.