New research on Kubernetes security suggests that hundreds of installations worldwide have been hijacked for cryptomining — most due to a combination of recent reported vulnerabilities and Kubernetes APIs exposed to the Internet with no authentication required for access.
Kubernetes combines groups of containers into structures called "pods." According to Binary Edge's report, "By having this exposed, an attacker can not only see what is running on the Pods, but also execute commands on the Pods themselves."
In addition to exposing Kubernetes APIs for use by cryptominers, the report also says the scanned instances can expose critical data and passwords.
Read more here.