National Exposure Index: Which Is the Most Hackable Country?

shutterstock_94715374Rapid7, a security firm, has just released a vast report (“National Exposure Index: Inferring Internet Security Posture by Country through Port Scanning“) focused on the nations mostly exposed to risks of Internet-based attacks. Researchers found that wealthier and more developed countries are more endangered, mainly because of the high number of unsecured systems connected to the Internet.

How Was the Research Carried Out?

Measuring Exposure and Internet Adoption

The research uncovered that millions of systems offer services that shouldn’t be open to the public network. Mais particularmente, 15 million nodes appearing to offer telnet (developed in 1969) were found, junto com 11.2 million offering direct access to relational databases, e 4.5 million apparent printer services.

Other key findings:

  • SSH (secure shell) adoption over telnet (cleartext shell) is gaining ground over telnet, Com mais 50% of regions offering more ssh servers than telnet servers.
  • Non-web-based access to email (via cleartext POP or IMAP protocols) is still the norm versus the exception in virtually every country.
  • There is a correlation between the GDP of a nation, overall internetpresencein terms of services offered, and the exposure of insecure, cleartext services.

Another interesting finding is that the most exposed nations are indeed countries with the largest GDPs – like the United States, Rússia, China, and France.

Similar Stories:
Targeted Attacks on Governments
Spear-Phishing And Malware

Como Rapid7 researchers explicar, there is in fact a correspondence between a country’s economic strength and the number of discoverable services hosted on the Internet. The first part of the report tries to prove that statement.

The second part of the study calculates the prevalence of cleartext, unencrypted services on the Internet and their encrypted counterparts, by country, and apply this proportion to spawn an overall National Exposure Index Ponto. Além disso, the research team separated different protocol families, such as world wide web services, remote administration, e-mail, e outros, to classify countries on their endorsement of fully encrypted and cleartext implementations of these services.

Do Developed Countries with Larger Economies Have a Larger Online Presence?

How Is This Presence Related to the General Exposure to Internet-Based Attacks?

Shortly said – yes. To determine this correlation, researchers first needed to measure each country’s count of unique Internet services provided.

Since the Internet is such a useful engine for economic growth, we hypothesized that countries with higher GDP might have higher utilization of IP address space.

After measuring the Internet adoption by country, researchers moved on to evaluating the security of each of those countriesadoption.

There’s a relation between a nation’s GDP, its Internet presence and the exposure of unprotected, plaintext services which can easily be intercepted by attackers. So which are some of the most “vulnerável” countries when it comes to the Internet? Australia is fourth, China is fifth, France is 13th, followed by the US, Rússia, e o Reino Unido.

image Source:

Curiosamente, Belgium is ranked first as the most exposed country. Almost one-third of its systems and devices are exposed.

assim, What Is the Conclusion of the National Exposure Index?

The results of this unique and ample report point to a paramount failure in the current state of Internet engineering. Despite recommendations by organizations such as the Internet Architecture Board and the Internet Engineering Task Force, and every security company out there, compulsory encryption is still not a standard feature in Internet Protocol design. Instead of being prioritized, security concerns are usually secondary.

With the race towards an IoT-dominated future well underway, we must rethink how we design, deploy, and manage our existing infrastructure“, pesquisadores concluem.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerenciador de conteúdo que foi com SensorsTechForum desde o início. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

limite de tempo está esgotado. Recarregue CAPTCHA.

Compartilhar no Facebook Compartilhar
Compartilhar no Twitter chilrear
Compartilhar no Google Plus Compartilhar
Partilhar no Linkedin Compartilhar
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Partilhar no StumbleUpon Compartilhar