Cyble researchers have uncovered a massive 900,000 badly configured Kubernetes servers that are vulnerable on the internet. 65% (585,000) of these servers are located in the United States, 14% in China, 9% in Germany and 6% each in the Netherlands and Ireland.<\/p>\n
Among the exposed servers, the most exposed TCP ports were “443” with just over a million instances, “10250” with 231, 200, and “6443” with 84,400 results.<\/p>\n
The researchers clarified that not all the exposed servers can be exploited by attackers. The risk varies depending on the individual configuration.<\/p>\n
The researchers evaluate the error codes returned to the Kubelet API for the unauthenticated requests to assess how many of the exposed instances may be at significant risk.<\/p>\n
Most of exposed server instances return the error code 403, which means that the unauthenticated request is forbidden and cannot be traversed, so attacks against it cannot occur.<\/p>\n
“The stats provided in the Kubernetes blog that is published from our end is on the basis of Open-source scanners and the Queries available for the product. As mentioned in the blog, we have searched on the basis of queries \u201cKubernetes,” “Kubernetes-master,” “KubernetesDashboard,” “K8″ and favicon hashes along with status codes 200,403 & 401,” Cyble explained.<\/p>\n