Exposed Kubernetes Clusters, Kubelet Ports Can Be Abused in Cyberattacks


Many current Internet-facing applications rely on Kubernetes clusters as a scalable and durable backbone. Adversaries who gain access to the nodes in those clusters, on the other hand, effectively seize control of your infrastructure. They have the ability to jeopardise the integrity of your systems and hijack the infrastructure for their own gain.

According to Shodan, there are 243,469 publicly visible Kubernetes clusters. The kubelet (the agent that runs on each node and guarantees that all containers are operating in a pod) uses port 10250 as a default option in these clusters. Attackers could utilise the kubelet API as a gateway to target Kubernetes clusters in order to mine cryptocurrencies. Read More…