In its latest research, published Monday, security firm Rapid7 said that several Western nations are putting competitiveness and business ahead of security, and that this will have “dire consequences” for some of the world’s largest economies.
The researchers pointed to an association between a nation’s gross domestic product (GDP) and its internet “presence,” including the exposure of unsafe, plaintext services, which virtually anyone can easily intercept. Some of the most exposed countries on the internet today include Australia (ranked fourth), China (ranked fifth), France (13th), the US (14th), Russia (19th) and the UK (23rd).
Belgium leads the rankings as the most exposed country on the internet, with almost one-third of all systems and devices exposed to the internet. “Every service we searched for, it came back in the millions,” said Tod Beardsley, Senior Security Research Manager at Rapid7, who co-authored the report and spoke on the phone to ZDNet last week. “Everything came back from two million to 20 million systems,” he said.
‘Failure’ Of Modern Internet Engineering
As for the largest culprits, there were over 11 million systems with direct access to relational databases, about 4.7 million networked systems exposing a port categorized as the most commonly attacked, and 4.5 million apparent printer services. One networking relic from the Cold War era towered above them all.
Taking that example, Beardsley said the ongoing, extensive use of a decades-old, obsolete and unsafe networking protocol would prove his point. Citing the research, he said that scans revealed over 14 million devices still using old-fashioned, unsafe, plaintext Telnet for remote access to files and servers. It was “encouraging” to see Secure Shell (SSH), its modern replacement, triumph over Telnet, not least because, given the choice, SSH is far simpler to use, which makes the switch much easier, Beardsley said. However, he said it was annoying to see millions nonetheless leave their systems wide open to hackers and nation-state attackers.
Echoing similar sentiments from the report, he said that the high exposure rates are a “failure” of modern internet engineering. “Despite calls from… virtually every security company and security advocacy organization on Earth, compulsory encryption is not a default, standard feature in internet protocol design. Cleartext protocols ‘just work,’ and security concerns are doggedly secondary,” said the paper.
The research is a good starting point for checking whether other factors determine if GDP impacts the exposure rate, said Beardsley. However, the authors stressed that additional work needs to be done and that the research is just a stepping stone for further work. “There are a million questions I have — I could talk for an hour,” he said.
Source: ZDNet