Majority of Kubernetes API Servers Exposed to the Public Internet
Researchers with Shadowserver Foundation have discovered more than 380,000 open Kubernetes API servers exposed on the Internet. That represents 84% of all global Kubernetes API instances observable online.
The research was conducted across IPv4 infrastructure using HTTP GET requests. The researchers did not perform any intrusive checks, so the exact degree of exposure of each server is unknown, but the findings suggest potential trouble across this landscape.
“While this does not mean that these instances are fully open or vulnerable to an attack, it is likely that this level of access was not intended, and these instances are an unnecessarily exposed attack surface,” according to the Shadowserver report. “They also allow for information leakage on version and builds.”

The densest cluster of exposed API servers was found in the US, where some 201,348 of these open API instances were discovered. That accounts for 53% of the total open servers found.
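The practical question for a cluster operator is whether their own API server is among the instances that answer an unauthenticated HTTP GET with version and build details. The following self-check is an added example, not code from the Shadowserver report or from the Kubernetes project, and it assumes the probe path is `/version`: the article does not say which path the scan requested, but with the default RBAC bootstrap policy the `system:public-info-viewer` ClusterRole lets anonymous callers read `/version` whenever anonymous authentication is enabled on kube-apiserver, so it is the leak the quoted sentence describes. The `classify_version_response` function is pure and works on a constructed sample reply, so it can be exercised offline; `probe_own_apiserver` performs the single GET against a server you operate.

```python
"""Self-check: does our kube-apiserver leak version/build info to anonymous GETs?"""
import json
import ssl
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Optional

# Constructed sample of what an anonymous GET /version returns when it succeeds
# (field names match kube-apiserver's real reply; values here are made up).
SAMPLE_LEAK = (
    b'{"major":"1","minor":"24","gitVersion":"v1.24.0",'
    b'"gitCommit":"0000000000000000000000000000000000000000",'
    b'"buildDate":"2022-01-01T00:00:00Z","platform":"linux/amd64"}'
)


@dataclass
class Finding:
    reachable: bool                 # TCP/TLS connect and HTTP exchange succeeded
    anonymous_version_leak: bool    # 200 with a gitVersion field and no credentials sent
    git_version: Optional[str]
    platform: Optional[str]
    note: str


def classify_version_response(status: int, body: bytes) -> Finding:
    """Interpret the reply to an unauthenticated GET /version.

    200 + JSON containing gitVersion  -> build info leaks to anyone who can reach the port
    401/403                           -> port is reachable but anonymous access is rejected
    anything else                     -> reachable, but probably not a kube-apiserver
    """
    if status == 200:
        try:
            data = json.loads(body)
        except ValueError:
            return Finding(True, False, None, None, "200 with non-JSON body; likely not kube-apiserver")
        git_version = data.get("gitVersion")
        if git_version:
            return Finding(True, True, git_version, data.get("platform"),
                           "anonymous /version answered with build details")
        return Finding(True, False, None, None, "200 JSON without gitVersion")
    if status in (401, 403):
        return Finding(True, False, None, None, f"HTTP {status}: anonymous request rejected")
    return Finding(True, False, None, None, f"HTTP {status}: unexpected response")


def probe_own_apiserver(base_url: str, timeout: float = 5.0) -> Finding:
    """Issue one unauthenticated GET <base_url>/version, e.g. https://10.0.0.5:6443 (hypothetical)."""
    ctx = ssl.create_default_context()
    # Cluster CAs are usually private; we only need the HTTP status and body, not a trust decision.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(base_url.rstrip("/") + "/version", method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return classify_version_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:          # 401/403 arrive here, body still readable
        return classify_version_response(err.code, err.read())
    except (urllib.error.URLError, OSError) as err:
        return Finding(False, False, None, None, f"unreachable: {err}")


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; replace with probe_own_apiserver(url)
    # for a live check of a server you are responsible for.
    print(classify_version_response(200, SAMPLE_LEAK))
    print(classify_version_response(403, b'{"kind":"Status","code":403}'))
```

A `reachable=True, anonymous_version_leak=True` result from a public address is the condition the report counts. The fix is twofold: keep the API port off the public Internet (firewall rules, private endpoint, VPN or bastion) and, where nothing depends on anonymous `/healthz`-style probes, start kube-apiserver with `--anonymous-auth=false`; a `403` from the same probe after the change confirms the version leak is closed, while the port still being reachable means the network-level part of the fix is outstanding.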