Most Kubernetes API servers are exposed to the public Internet

Shadowserver Foundation researchers have discovered more than 380,000 open Kubernetes API servers on the Internet. This represents 84% of all global instances of the Kubernetes API observable online.

The research was conducted across the IPv4 address space using plain HTTP GET requests. The researchers did not run any intrusive checks to determine how exposed each server actually was, but the findings suggest potential problems in this area.

“While this does not mean that these instances are fully open or vulnerable to an attack, it is likely that this level of access was not intended and these instances are an unnecessarily exposed surface of the attack,” says the Shadowserver report. “They also allow version and assembly information to leak.”
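The survey's probe is a single anonymous GET, and the leak it describes is the version endpoint answering that GET. The following self-check, an added example that is not Shadowserver's tooling, sends the same request to an API server you operate and classifies the answer; the hostname and port are assumptions, and the JSON sample in the comments is constructed.

```python
"""Self-check: does our Kubernetes API server answer anonymous GET /version?

Added example, not from the article. Point it at a cluster you operate.
By default kube-apiserver lets the system:anonymous user read /version
(via the system:public-info-viewer ClusterRole); --anonymous-auth=false
turns that into a 401.
"""
import json
import ssl
import urllib.request
from urllib.error import HTTPError, URLError


def classify_response(status: int, body: str) -> str:
    """Map the result of an anonymous GET /version to an exposure level.

    Constructed sample of a leaking reply:
        200, '{"major":"1","minor":"24","gitVersion":"v1.24.0"}'
    """
    if status == 200:
        try:
            info = json.loads(body)
        except json.JSONDecodeError:
            return "reachable: non-JSON 200 (probably not kube-apiserver)"
        if isinstance(info, dict) and "gitVersion" in info:
            return f"exposed: anonymous /version leaks {info['gitVersion']}"
        return "reachable: 200 without version fields"
    if status in (401, 403):
        return "hardened: anonymous request rejected"
    return f"unexpected: HTTP {status}"


def probe_version(base_url: str, timeout: float = 5.0) -> str:
    """GET <base_url>/version with no credentials; self-signed certs are tolerated."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(f"{base_url}/version",
                                 headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return classify_response(resp.status, resp.read().decode("utf-8", "replace"))
    except HTTPError as e:  # 401/403 arrive here, not as a normal response
        return classify_response(e.code, e.read().decode("utf-8", "replace"))
    except URLError as e:
        return f"unreachable: {e.reason}"


if __name__ == "__main__":
    # Assumed address of a cluster you operate (not a target from the article).
    print(probe_version("https://127.0.0.1:6443"))
```

An "exposed" result means the server is counted in the kind of survey described above; put it behind a private network or disable anonymous auth and re-run the check.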

The densest cluster of discovered API servers was found in the United States, where approximately 201,348 of these open API instances were discovered. This represents 53% of the total number of open servers found.

This report is further evidence in the growing body of API security research, which shows that many organizations are not prepared to protect themselves from potential API attacks, respond to them, or even keep track of them.

Data corruption through API incidents
According to the recent “State of API Security 2022” report by Salt Security, approximately 34% of organizations have no API security strategy at all, and another 27% say they have only a basic strategy, consisting of minimal scanning and manual checks of API security status, with no control or management over their APIs. Another study, by 451 Research on behalf of Noname Security, found that 41% of organizations had suffered an API security incident in the last 12 months; of these, 63% involved a data breach or loss.

The potential API attack surface in modern application and cloud infrastructure is huge. According to the 451 Research study, large enterprises have on average more than 25,000 APIs connected to or operating in their infrastructure. That number will continue to grow: in its recent Predicts 2022 document, Gartner analysts say that less than 50% of enterprise APIs will be managed within three years, “because the rapid growth of APIs exceeds the capabilities of API management tools.”

The Kubernetes exposure found by Shadowserver is evidence of a particularly acute problem in today’s cloud security. APIs are often one of the weakest links in cloud infrastructure management, as they are usually the core of the control plane that handles the configuration of cloud infrastructures and applications.

“All cloud disruptions follow the same pattern: control plane compromise. The control plane is the surface of the API that configures and operates the cloud. APIs are the primary driver of cloud computing; think of them as ‘software intermediaries’ that allow different applications to interact,” explains Josh Stella, Snyk’s chief architect and founder of Fugue, which Snyk recently bought. “The API control plane is a collection of APIs used to configure and operate the cloud. Unfortunately, the security industry is one step behind hackers because many vendor solutions do not protect their customers from cloud-based attacks.”

In the Predicts document, Gartner analysts agree that the newly created APIs flooding onto the scene are an integral part of the emerging cloud and application architectures at the heart of the modern model of continuous application development.

“This situation is reminiscent of the beginnings of Infrastructure as a Service (IaaS), as uncontrolled API usage is on the rise. As architecture and operating technologies continue to mature, security controls are trying to apply old paradigms to new problems,” says Gartner. “These controls may be a temporary solution, but it will take a long time for security controls and procedures to catch up with the new architecture paradigm.”


