Over 900,000 Kubernetes Found Exposed On The Internet

Share post:

Cyble researchers have uncovered a massive 900,000 badly configured Kubernetes servers that are vulnerable on the internet. 65% (585,000) of these servers are located in the United States, 14% in China, 9% in Germany and 6% each in the Netherlands and Ireland.

Among the exposed servers, the most exposed TCP ports were “443” with just over a million instances, “10250” with 231, 200, and “6443” with 84,400 results.

The researchers clarified that not all the exposed servers can be exploited by attackers. The risk varies depending on the individual configuration.

The researchers evaluate the error codes returned to the Kubelet API for the unauthenticated requests to assess how many of the exposed instances may be at significant risk.

Most of exposed server instances return the error code 403, which means that the unauthenticated request is forbidden and cannot be traversed, so attacks against it cannot occur.

“The stats provided in the Kubernetes blog that is published from our end is on the basis of Open-source scanners and the Queries available for the product. As mentioned in the blog, we have searched on the basis of queries “Kubernetes,” “Kubernetes-master,” “KubernetesDashboard,” “K8″ and favicon hashes along with status codes 200,403 & 401,” Cyble explained.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, March 27, 2024 – A botnet exploits old routers, a new malware loader discovered, and more warnings about downloading code from...

This episode reports on a new network of 40,000 infected small and home office routers and other devices that are part of a criminal botnet

Cyber Security Today, March 25, 2024 – A suspected China threat actor going after unpatched F5 and ScreenConnet installations

This episode reports on a new campaign stealing email passwords ,the latest data breaches

A hacker’s view of the civic infrastructure: Hashtag Trending, the Weekend Edition for March 23rd, 2024

What does the civic infrastructure look like through the eyes of a hacker? The legendary general Sun Tzu in the Art of War said that in order to defeat your enemy, you must first understand your enemy. How do you do this? He said, “to know your enemy, you must become your enemy.” If we

Cyber Security Today, Week in Review for week ending Friday, March 22, 2024

This episode features discussion on lessons learned from the ransomware attack on the British Library, advice for managing expectations of IT/security teams, why firms are leaving Google Firebase unprotecte

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways