380K Kubernetes API Servers Exposed to Public Internet

More than 380,000 of the more than 450,000 servers hosting the open-source container-orchestration engine for managing cloud deployments permit access in some form.

Researchers have discovered that more than 380,000 Kubernetes API servers provide access to the public internet, making the popular open-source container-orchestration engine for managing cloud deployments an easy target with a large attack surface for threat actors.

According to a blog post published this week, the Shadowserver Foundation discovered the access when it scanned the internet for Kubernetes API servers, of which there are over 450 thousand.

According to the post, “ShadowServer conducts daily scans of the IPv4 space on ports 443 and 6443, looking for IP addresses that respond with an “HTTP 200 OK status,” indicating that the request was successful.”

381 645 instances of Kubernetes API instances identified by Shadowserver responded with “200 OK,” according to researchers. Shadowserver discovered 454,729 Kubernetes API servers in total. Thus, nearly 84 percent of all instances that Shadowserver scanned are “open” API instances.

According to the post, the majority of accessible Kubernetes servers — 201,348 or nearly 53 percent — were located in the United States.

According to the post, while this response to the scan does not imply that the servers are fully open or vulnerable to attacks, it does create a scenario in which the servers have an “unnecessarily exposed attack surface.”

Researchers noted: “This level of access was likely not intended.” The exposure also permits version and build information to leak, they added.

Cloud Being Attacked

Given that attackers are increasingly targeting Kubernetes cloud clusters and using them to launch other attacks against cloud services, the findings are concerning. Historically, cloud deployments have been plagued by widespread misconfiguration, and Kubernetes is no different.

Erfan Shadabi, a cybersecurity expert at the data-security company comforte AG, stated in an email to Threatpost that he was not surprised that the Shadowserver scan uncovered so many Kubernetes servers that were accessible via the public internet.

“While [Kubernetes] offers enterprises massive benefits for agile application delivery, there are a few characteristics that make it an ideal attack target,” he said. “For instance, Kubernetes has a large attack surface due to its many containers, which could be exploited if not secured beforehand.”

Open-Source Security Is Vulnerable

The findings also raise the age-old question of how to build security into open-source systems that have become ubiquitous as part of the modern internet and cloud-based infrastructure, attacking them and attacking all the connected systems.

In December of last year, the Log4Shell vulnerability in the ubiquitous Java logging library Apache Log4j was discovered, bringing this issue to the forefront.

Attackers continue to target the vulnerability, which is easily exploitable and can permit unauthenticated remote code execution (RCE) and complete server takeover. In fact, despite the availability of a patch for Log4Shell, millions of Java applications are still vulnerable, according to a recent report.

Shadabi stated that one of Kubernetes’ Achilles’ heels is that the data-security capabilities built into the platform are “minimal” – protecting data at rest and in motion. In a cloud environment, this is a risky proposition.

“There is no persistent protection of data itself, such as with industry-standard techniques such as field-level tokenization,” he noted. If an ecosystem is compromised, it is only a matter of time before the sensitive data it processes falls prey to a more subtle attack.

He advised organizations that use containers and Kubernetes in production environments to take Kubernetes security as seriously as they do other aspects of their IT infrastructure.

Shadowserver recommended that administrators implement authorization for access or block at the firewall level if they discover that a Kubernetes instance in their environment is accessible from the internet. This would reduce the attack surface.

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus
Malware GuLoader Using New Methods to Avoid Security Software

December 26, 2022

Researchers in cyber security have uncovered a vast array of techniques used by the advanced malware downloader GuLoader to circumvent security software. “New shellcode anti-analysis technique attempts to thwart researchers and hostile environments by scanning entire process memory for any…

Get more info



Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.


BestTopReviewsOnline.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com. As an Amazon Associate I earn from qualifying purchases.


Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 BestTopReviewsOnline.com Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of BestTopReviewsOnline.com.