Over 900,000 Kubernetes Found Exposed On The Internet

Share post:

Cyble researchers have uncovered a massive 900,000 badly configured Kubernetes servers that are vulnerable on the internet. 65% (585,000) of these servers are located in the United States, 14% in China, 9% in Germany and 6% each in the Netherlands and Ireland.

Among the exposed servers, the most exposed TCP ports were “443” with just over a million instances, “10250” with 231, 200, and “6443” with 84,400 results.

The researchers clarified that not all the exposed servers can be exploited by attackers. The risk varies depending on the individual configuration.

The researchers evaluate the error codes returned to the Kubelet API for the unauthenticated requests to assess how many of the exposed instances may be at significant risk.

Most of exposed server instances return the error code 403, which means that the unauthenticated request is forbidden and cannot be traversed, so attacks against it cannot occur.

“The stats provided in the Kubernetes blog that is published from our end is on the basis of Open-source scanners and the Queries available for the product. As mentioned in the blog, we have searched on the basis of queries “Kubernetes,” “Kubernetes-master,” “KubernetesDashboard,” “K8″ and favicon hashes along with status codes 200,403 & 401,” Cyble explained.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Google leader gives a tough message to employees

Google's search chief, Prabhakar Raghavan, delivered a powerful message to employees at a recent all-hands meeting: the tech...

Silicon Valley tech founder sentenced to prison for fraud

In a significant shake-up in Silicon Valley, Manish Lachwani, co-founder and former CEO of the mobile app-testing company...

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways