by Bharat Mistry
If effective cybersecurity is all about minimizing risk, one of the first things you should check is whether your IT assets are exposed to the public internet. If they are — and have insufficient security controls safeguarding them — your organization could be at risk of data theft, system compromise, fraud, privacy leaks and much more. That’s why Trend Micro has followed up its popular US Cities Exposed report from earlier this year with a new study of Western Europe.
Unfortunately, the results were not dissimilar: we found millions of devices in the region’s 10 major cities were potentially exposed to hackers. That’s bad news, especially with strict new EU data protection laws set to land in May 2018.
The need for greater transparency
To compile the report, we analyzed Shodan data comprising a total of 8,667,083 records generated from scanning 2,751,346 unique Internet Protocol (IP) addresses. Why? Because a growing range of threat actors — from financially motivated cybercrime gangs to nation states, hacktivists, terrorists and script kiddies — are gearing up to do the same, using publicly available tools to scour the internet for vulnerable systems. We’re not suggesting all the assets we discovered are vulnerable, but if they are searchable, they could theoretically be attacked.
Perhaps the best example of this is the Mirai attack campaign of 2016, where hackers scanned the internet for IoT devices protected only with factory default usernames and passwords. Once located, they were able to log on and remotely control these as part of a DDoS botnet that took down some of the internet’s biggest sites.
Of course, it’s true that many devices need to be connected to the internet to function properly, perhaps to enable remote operation — in these cases care must be taken to harden and protect them against attack. Others are left exposed because, like the devices compromised by Mirai, they’ve been misconfigured, which in theory should be an easier issue to mitigate.
The report’s findings are too important to ignore. If your exposed cyber asset is subsequently compromised, it could lead to a damaging breach of customer data or sensitive IP, or even a ransomware attack. That’s not all: hackers could use the compromised asset as an entry point into the corporate network, and move laterally to higher value systems — potentially those that control critical infrastructure, which could end up jeopardizing public safety. Compromised devices could also be conscripted Mirai-style into botnets to commit click fraud, launch DDoS attacks and more.
London and Berlin lead the way
Given these potentially severe repercussions, it’s perhaps a little disappointing but not hugely surprising that Western European cities are just as exposed as their US counterparts. We found that London (2.85 million devices) and Berlin (2.87 million) were the most “exposed” cities, although this was in line with expectations considering these are hi-tech centers which host a large number of ISPs. More interestingly, places like Amsterdam and Lisbon had much higher exposure levels than other cities, based on per capita calculations. On the other hand, cities including Paris, Athens and Rome did not have particularly high exposure levels per capita, confounding our expectations.
So, which were the most frequently exposed system types? HTTP web servers took the prize in the software category. This makes it more important than ever that patches are applied promptly to Apache HTTPD, NGINX, OpenSSH, Microsoft IIS HTTPD and similar systems. When it came to hardware, we discovered more than 58,000 wireless access points, 34,000 firewalls and 28,000 webcams exposed to the public internet.
Given that the EU General Data Protection Regulation (GDPR) comes into force on May 25, 2018, enterprises must take action now to secure their assets, or risk fines of up to 4 percent of global annual turnover (or €20m) if data is breached as a result. These efforts should include network segmentation, log analysis, cloud encryption and tighter access controls.
Check out our full report, Western European Cities Exposed, for the complete security checklist. Understanding where your organization is most exposed is the first step towards building greater cyber-resilience.