Jun 30, 2022
Check that your Kubernetes clusters are properly configured to withstand unauthorized external access attempts with Kubescape
Recent research by Cyble showed that over 900,000 Kubernetes clusters were exposed to the internet and to potentially malicious scans. Some of them are susceptible to exploitation of known vulnerabilities.
The research found two main elements that were exposed:
– Kubernetes control plane (also called API server) – the interface to control the cluster
– Worker nodes (also called Kubelet) – the interface to the nodes
Even though Kubernetes deployment best practices recommend isolating access to KubeAPI servers with bastion hosts, many of them remain openly exposed to the internet, as the research shows.
In many cases, especially in managed Kubernetes environments, the Kubernetes control plane and/or worker nodes are left exposed to the public internet by default.
You can use Kubescape to test if your control plane is protected by authentication and access control.
Also, use Kubescape to test the general security hygiene of your clusters.
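To show what "protected by authentication and access control" means at the configuration level, here is an added example (not Kubescape's code and not from the original post) that audits a kube-apiserver command line and a KubeletConfiguration for the settings that decide whether unauthenticated requests are accepted. The function names and sample inputs are constructed for illustration; the flags and fields checked (`--anonymous-auth`, `--authorization-mode`, `authentication.anonymous.enabled`, `authorization.mode`, `readOnlyPort`) are the real Kubernetes ones.

```python
def parse_flags(command):
    """Turn ['kube-apiserver', '--a=b', '--c'] into {'a': 'b', 'c': 'true'}."""
    flags = {}
    for arg in command:
        if arg.startswith("--"):
            name, _, value = arg[2:].partition("=")
            flags[name] = value or "true"
    return flags

def audit_apiserver(command):
    """Findings for a kube-apiserver command line, e.g. from its static pod manifest."""
    flags = parse_flags(command)
    findings = []
    # kube-apiserver accepts anonymous requests unless the flag is explicitly false.
    if flags.get("anonymous-auth", "true").lower() != "false":
        findings.append("apiserver: anonymous requests accepted")
    # If the flag is absent, the documented default mode is AlwaysAllow.
    modes = [m.strip() for m in flags.get("authorization-mode", "AlwaysAllow").split(",")]
    if "AlwaysAllow" in modes:
        findings.append("apiserver: authorization mode includes AlwaysAllow")
    return findings

def audit_kubelet(cfg):
    """Findings for a KubeletConfiguration dict; only explicit risky values are flagged."""
    findings = []
    authn = cfg.get("authentication", {})
    if authn.get("anonymous", {}).get("enabled") is True:
        findings.append("kubelet: anonymous authentication enabled")
    if cfg.get("authorization", {}).get("mode") == "AlwaysAllow":
        findings.append("kubelet: authorization mode is AlwaysAllow")
    if cfg.get("readOnlyPort", 0) != 0:
        findings.append("kubelet: unauthenticated read-only port is open")
    return findings

# Constructed sample inputs (not taken from a real cluster).
WEAK_APISERVER = ["kube-apiserver", "--secure-port=6443", "--authorization-mode=AlwaysAllow"]
HARDENED_APISERVER = ["kube-apiserver", "--secure-port=6443",
                      "--anonymous-auth=false", "--authorization-mode=Node,RBAC"]
WEAK_KUBELET = {"authentication": {"anonymous": {"enabled": True}},
                "authorization": {"mode": "AlwaysAllow"}, "readOnlyPort": 10255}
HARDENED_KUBELET = {"authentication": {"anonymous": {"enabled": False}},
                    "authorization": {"mode": "Webhook"}, "readOnlyPort": 0}

if __name__ == "__main__":
    for finding in audit_apiserver(WEAK_APISERVER) + audit_kubelet(WEAK_KUBELET):
        print(finding)
```

When anonymous requests are accepted but the authorization mode is RBAC, what an unauthenticated caller can reach depends on the bindings granted to `system:anonymous` and `system:unauthenticated`, so review those bindings as well.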