Threatpost reports that nearly 84% of more than 450,000 Kubernetes API server instances have been allowing public internet access, providing a broad attack surface that is vulnerable to cyberattacks.
The U.S. accounted for almost 53% of the accessible Kubernetes servers, a report from the Shadowserver Foundation revealed. "This level of access was likely not intended," said researchers.
The prevalence of exposed Kubernetes servers was no longer a surprise for AG Cybersecurity Expert Erfan Shadabi. "White [Kubernetes] provides massive benefits to enterprises for agile app delivery, there are a few characteristics that make it an ideal attack target for exploitation. For instance, as a result of having many containers, Kubernetes has a large attack surface that could be exploited if not pre-emptively secured," Shadabi said, adding that organizations should prioritize securing Kubernetes similarly as they secure other parts of their IT infrastructure. Organizations with exposed Kubernetes instances should also consider access authorization or firewall-level blocking measures, according to Shadowserver.