Nearly half a million Kubernetes servers left open to the Internet

[jeyare]

I waited for it to come. And it comes. There is a growing number of people who have run something they don't understand at all and it is offered as a single button deployment: Kubernetes.

Hundreds of thousands of endpoints running Kubernetes API have been exposed to the internet, and so could potentially be vulnerable to virus deployment and other cyberattacks, new research has found.
More here:

Nearly half a million Kubernetes servers left open to the Internet

Not necessarily a problem, but certainly a risk

www.techradar.com

And Truenas Scale will also be helped by the state it is in - an unfinished system that people are installing as ready-made, including their TrueCharts running on the K3S.
The number of directly accessible instances of TrueNas over 80 increase and will not wait long for similar messages.
Give people the opportunity to push their data out, they won't hesitate.

And it will grow.

 

[jeyare]

default 6443 exposed to internet, OMG

I have already sent my research report to iX (TrueNas) that they could contact the exposed IP addresses I found in the list via Shodan (advanced filtration used, incl 6443, ...) to suggest help with them to stop publishing the API server. After all, they actually have a forum, members, IP addresses, ...
This is pure tragedy.

btw, here is the original report:

Over 380 000 open Kubernetes API servers | The Shadowserver Foundation

We have recently started scanning for accessible Kubernetes API instances that respond with a 200 OK HTTP response to our probes. Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. We find over 380 000 Kubernetes API daily that...

www.shadowserver.org

 

[itsjasper]

It is crazy... yet entirely predictable.