According to the latest threat 2018 National Exposure Index from analytics solutions provider Rapid7, the US scored the highest in nearly every exposure metric measured and along with China, Canada, South Korea, and the United Kingdom. Together they control more than 61 million servers listening on at least one of the surveyed ports.
Rapid7 says Australia’s relatively high exposure to security risks online is cause for concern because of its high dependence on the Internet.
It cautions that Australia is a high-profile target with many businesses leaving themselves exposed due to basic errors in the management of their IT environments and day-to-day operations.
Rapid7 warns that it is extremely dangerous to connect SMB to the Internet as it exposes Microsoft vulnerabilities to EternalBlue-powered attacks such as WannaCry.
There are 13 million exposed endpoints associated with direct database access, half of which are associated with MySQL, says Rapid7.
“Along with millions of exposed PostgreSQL, Oracle DB, Microsoft SQL Server, Redis, DB2, and MongoDB endpoints, this exposure presents significant risk of crucial data loss in a co-ordinated attack,” Rapid7 warns.
“While the number of exposed Microsoft SMB Servers dropped considerably after the WannaCry attack of 2017, there remain about a half a million targets today, primarily in the US, Taiwan, Japan, Russia, and Germany.”
According to Rapid7, amplification-based distributed denial of service (DDoS-A) remains a powerful technique for harming enterprises and providing cover for more sophisticated attacks.
It says that while the number of exposed UDP-based memcached servers is less than 4000, there are about 40,000 unpatched, out-of-date memcached servers, which are at risk of being drafted into the next “record-breaking DDoS attack”.
“These key findings tell us that the most risk to the Internet originates in countries that have significant investment in, and reliance on, a safe and stable Internet.
“This indicates to us that national Internet service providers in these countries can use these findings to understand the risks of internet exposure, and that they, along with policymakers and other technical leaders, are in an excellent position to make significant progress in securing the global Internet.
“It’s important to note that it’s not just mature, traditionally ‘rich’ or ‘large’ countries that rely on a healthy and functioning Internet. As of the start of 2018, more than half of all humans now maintain an active internet presence, after significant growth in both client-side and server-side infrastructure in Asia and Africa.
“We are in a crucial period of human history, and we need to actively measure the patterns of Internet usage that impact the security and stability of this incredible, planet-wide resource. By comparing regions both globally and with their immediate neighbors, we believe it’s possible to deliberately apply some ‘network husbandry’ to the Internet to ensure it remains supportive of technical innovation, cultural value, and economic prosperity.”
According to Rapid7, 2018 has already seen the largest distributed denial of service attack on record, using unsecured ‘memcached’ UDP servers.
“Due to this event, we’re paying much closer attention to memcached and other connectionless UDP services that can be abused in amplification attacks, and we have added this metric to the national exposure ranking system.”
Rapid7 warns that it also continues to worry about the exposure level of popular database servers, such as MySQL, PostgreSQL, Microsoft SQL Server, Oracle DB, and IBM DB2 – as well as the “NoSQL” databases like MongoDB and Redis.
“It’s our hope that by highlighting the prevalence of these services, and the specific geographic regions in which they reside, we can get ahead of a coming DB disaster.”