Rapid7, a security firm, has just released a vast report (“National Exposure Index: Inferring Internet Security Posture by Country through Port Scanning“) focused on the nations mostly exposed to risks of Internet-based attacks. Researchers found that wealthier and more developed countries are more endangered, mainly because of the high number of unsecured systems connected to the Internet.
How Was the Research Carried Out?
Measuring Exposure and Internet Adoption
Measuring Exposure and Internet Adoption
The research uncovered that millions of systems offer services that shouldn’t be open to the public network. More particularly, 15 million nodes appearing to offer telnet (developed in 1969) were found, along with 11.2 million offering direct access to relational databases, and 4.5 million apparent printer services.
Other key findings:
- SSH (secure shell) adoption over telnet (cleartext shell) is gaining ground over telnet, with over 50% of regions offering more ssh servers than telnet servers.
- Non-web-based access to email (via cleartext POP or IMAP protocols) is still the norm versus the exception in virtually every country.
- There is a correlation between the GDP of a nation, overall internet “presence” in terms of services offered, and the exposure of insecure, cleartext services.
Another interesting finding is that the most exposed nations are indeed countries with the largest GDPs – like the United States, Russia, China, and France.
Similar Stories:
Targeted Attacks on Governments
Spear-Phishing And Malware
As Rapid7 researchers explain, there is in fact a correspondence between a country’s economic strength and the number of discoverable services hosted on the Internet. The first part of the report tries to prove that statement.
The second part of the study calculates the prevalence of cleartext, unencrypted services on the Internet and their encrypted counterparts, by country, and apply this proportion to spawn an overall National Exposure Index score. Also, the research team separated different protocol families, such as world wide web services, remote administration, e-mail, and others, to classify countries on their endorsement of fully encrypted and cleartext implementations of these services.
Do Developed Countries with Larger Economies Have a Larger Online Presence?
How Is This Presence Related to the General Exposure to Internet-Based Attacks?
Shortly said – yes. To determine this correlation, researchers first needed to measure each country’s count of unique Internet services provided.
Since the Internet is such a useful engine for economic growth, we hypothesized that countries with higher GDP might have higher utilization of IP address space.
After measuring the Internet adoption by country, researchers moved on to evaluating the security of each of those countries’ adoption.
There’s a relation between a nation’s GDP, its Internet presence and the exposure of unprotected, plaintext services which can easily be intercepted by attackers. So which are some of the most “vulnerable” countries when it comes to the Internet? Australia is fourth, China is fifth, France is 13th, followed by the US, Russia, and the UK.
Image Source: https://www.rapid7.com/resources/research-reports.jsp
Interestingly, Belgium is ranked first as the most exposed country. Almost one-third of its systems and devices are exposed.
So, What Is the Conclusion of the National Exposure Index?
The results of this unique and ample report point to a paramount failure in the current state of Internet engineering. Despite recommendations by organizations such as the Internet Architecture Board and the Internet Engineering Task Force, and every security company out there, compulsory encryption is still not a standard feature in Internet Protocol design. Instead of being prioritized, security concerns are usually secondary.
“With the race towards an IoT-dominated future well underway, we must rethink how we design, deploy, and manage our existing infrastructure“, researchers conclude.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: