Over 900,000 Kubernetes instances were found exposed online

Jun 30, 2022

Check your Kubernetes clusters are properly configured to withstand unauthorized external access attempts with Kubescape

Recent research by Cyble showed that over 900,000 Kubernetes clusters were found exposed to the internet to potentially malicious scans. Some of them are susceptible to known vulnerabilities exploitations. 

The research found two main elements that were exposed–

- Kubernetes control plane (also called API server) - The interface to control cluster

- Worker nodes (also called Kubelet) -  The interface to nodes

Even though Kubernetes deployments best practices recommend isolating access to KubeAPI servers with bastion hosts, many of them remain openly exposed to the internet, as the research shows. 

Using Kubescape to detect misconfigured clusters

Kubernetes control plane and/or worker nodes are left exposed to the public internet by default in many cases, especially in managed Kubernetes environments. 

You can use Kubescape to test if your control plane is protected by authentication and access control -

Also, Use Kubescape to test the general security hygiene of your clusters

Stay up to date