Over 900,000 Kubernetes Found Exposed On The Internet

Share post:

Cyble researchers have uncovered a massive 900,000 badly configured Kubernetes servers that are vulnerable on the internet. 65% (585,000) of these servers are located in the United States, 14% in China, 9% in Germany and 6% each in the Netherlands and Ireland.

Among the exposed servers, the most exposed TCP ports were “443” with just over a million instances, “10250” with 231, 200, and “6443” with 84,400 results.

The researchers clarified that not all the exposed servers can be exploited by attackers. The risk varies depending on the individual configuration.

The researchers evaluate the error codes returned to the Kubelet API for the unauthenticated requests to assess how many of the exposed instances may be at significant risk.

Most of exposed server instances return the error code 403, which means that the unauthenticated request is forbidden and cannot be traversed, so attacks against it cannot occur.

“The stats provided in the Kubernetes blog that is published from our end is on the basis of Open-source scanners and the Queries available for the product. As mentioned in the blog, we have searched on the basis of queries “Kubernetes,” “Kubernetes-master,” “KubernetesDashboard,” “K8″ and favicon hashes along with status codes 200,403 & 401,” Cyble explained.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

North Korean Hackers Trick Employees With New Social Engineering

North Korean Hackers Trick Employees With New Social Engineering, New Prompt Injection Attack Compromises Gemini's Long-Term Memorym Canada's...

Canada’s Tech Sector Faces Continuing Talent Crunch: Hashtag Trending

Report Says Canada's Tech Sector Faces Continuing Talent Crunch Amid Rapid AI Advancements, Study Reveals reCAPTCHA's Lousy At...

FBI’s Operation Level Up Ends Cyber Scams and Saves Millions of Dollars and Lives

We should send a love note out to The Federal Bureau of Investigation (FBI) who launched Operation Level...

homson Reuters Wins Landmark AI Copyright Case: Hashtag Trending for Thursday, February 13, 2025

Thomson Reuters Wins Landmark AI Copyright Case, Tumblr joins the fediverse and converts to WordPress, The US and...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways