CyberNews Briefs

380K Kubernetes API Servers Exposed to Public Internet

According to the Shadowserver Foundation, who first discovered the security incident, more than 380,000 of 450,000 Kubernetes servers hosting the open-source container-orchestration engine for managing cloud deployments are vulnerable to third party access. The popular engine for managing cloud deployments is therefore an easy target, providing a broad attack surface for threat actors. The exposed servers were discovered when the Shadowserver Foundation scanned the internet for Kubernetes API servers. The organization released a blog post addressing the security concerns earlier this week.

Shadowserver found that the “open” API instances constituted nearly 84% of all instances that it scanned. In addition, roughly 53% of the exposed servers were located in the United States. Although this does not mean that every server is fully open or vulnerable to attacks, it has created an unnecessarily exposed attack surface, Shadowserver said. The findings are concerning given that attackers have been increasingly targeting Kubernetes cloud clusters and leveraging them to launch other attacks against cloud services.

Read More: 380K Kubernetes API Servers Exposed to Public Internet

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.