Researchers Find 380,000 Open Kubernetes Servers

Researchers at the Shadowserver Foundation found the vast majority of Kubernetes API servers were exposed to the public internet, a cause for concern given the increase in Kubernetes-based cyberattacks. 

The study, which identified 450,000 Kubernetes API servers, found that 380,000 allowed some form of access. The United States housed the most open servers, with 52% located in the country. 

See Also: Continuous Intelligence Needed to Parry New Cyber Threats

“While this does not mean that these instances are fully open or vulnerable to an attack, it is likely that this level of access was not intended, and these instances are an unnecessarily exposed attack surface,” said researchers at Shadowserver Foundation. “They also allow for information leakage on version and builds.”

Shadowserver suggests businesses should implement authorization for access at the firewall level, to mitigate exposed attack surface. 

“While Kubernetes provides massive benefits to enterprises for agile app delivery, there are a few characteristics that make it an ideal attack target for exploitation,” said cyber security expert, Erfan Shadabi. “For instance, as a result of having many containers, Kubernetes has a large attack surface that could be exploited if not pre-emptively secured.”

Kubernetes does come with in-built security features, such as role-based access control, pod security policies, and network policies, which if enacted should provide businesses with adequate protection against cyberattacks. However, as Shadabi alluded to, Kubernetes covers a lot of ground and will run whatever containers it is told to run, without scanning for potential vulnerabilities or malicious content. 

This means that businesses need to have good data practices and potentially leverage externals tools to beef up the security gaps presented by the container-based system.