Over 380,000 Kubernetes API Servers Exposed to Internet

The Shadowserver Foundation began searching the internet for Kubernetes API servers and discovered over 380,000 that provide some level of access.

The foundation scans the IPv4 space on ports 443 and 6443 every day, looking for IP addresses that return an HTTP 200 OK response, which indicates that the request was successful. Shadowserver found over 450,000 Kubernetes API instances, with 381,645 responding with “200 OK.” This does not mean the servers are completely open or vulnerable to attacks, but Shadowserver considers them an “unnecessarily exposed attack surface” with access levels that were probably not intended.

More than half of the exposed instances are in the US, with many more in Western Europe, Southeast Asia, and Australia.

