"Over 900,000 Kubernetes Instances Found Exposed Online"

Over 900,000 misconfigured Kubernetes clusters were discovered to be vulnerable to potentially malicious scans on the Internet, with some even vulnerable to data-exposing cyberattacks. Kubernetes is an open-source container orchestration system with a uniform API interface for hosting online services and managing containerized workloads. Remote actors may be able to access internal resources and private assets that were not intended to be made public if Kubernetes is not properly configured. Furthermore, depending on the configuration, intruders may be able to escalate their privileges from containers in order to break isolation and pivot to host processes, granting them initial access to internal corporate networks for future attacks. Cyble researchers used similar scanning tools and search queries to those used by malicious actors to locate exposed Kubernetes instances across the Internet. The results revealed 900,000 Kubernetes servers, with 65 percent (585,000) located in the US, 14 percent in China, 9 percent in Germany, and 6 percent each in the Netherlands and Ireland. The most exposed TCP ports among the exposed servers were "443" with over a million instances, "10250" with 231, and "6443" with 84,400 results. The researchers emphasized that not all of these exposed clusters can be exploited, and even among those that can, the level of risk varies depending on the individual configuration. This article continues to discuss the exposure of over 900,000 misconfigured Kubernetes clusters on the Internet. 

Bleeping Computer reports "Over 900,000 Kubernetes Instances Found Exposed Online"