Not always an issue, but always a possibility
According to new research, hundreds of thousands of endpoints(opens in new tab) running Kubernetes API have been exposed to the internet, making them vulnerable to virus deployment and other cyberattacks.
According to a survey published by the Shadowserver Foundation, 84 percent of the 454,729 servers that host the container orchestration system are accessible via the internet, at least to some extent. There are 381,654 systems in total.
While being accessible to the internet does not necessarily imply that your data has been hacked, it is the first and most crucial step toward a data breach. Furthermore, rather than being intentional, all of them are most likely the result of misconfigurations.
After all, according to a recent security analysis, most Kubernetes users have no idea what they’re doing.
“While this does not mean that these instances are entirely accessible or vulnerable to an attack,” Shadowserver writes in the blog post, “it is likely that this level of access was not intended and that these instances represent an unnecessarily exposed attack surface.” “They also allow for version and build information leakage.”
According to the group, 201,348 (53 percent) of all accessible occurrences were in the United States. To prevent data breaches and assaults, enterprises using internet-accessible Kubernetes API servers should implement some type of access permission or block access at the firewall(opens in new tab).
The Cloud Native Computing Foundation maintains Kubernetes, a ten-year-old Google product for container management on-prem and in the public cloud.
Several software businesses sell commercial versions. Kubernetes-based platforms or infrastructure as a service (IaaS) are available from Amazon, Google, IBM, Microsoft, Oracle, Red Hat, SUSE, Platform9, and VMware.
According to market experts Statista, it is incredibly popular, with most businesses using it.
Now is the time to protect your servers with the strongest antivirus software available.