Security researchers have found that some of the wealthiest and most developed nations are at the greatest risk of hacks and cyberattacks — in part because they have more unsecured systems connected to the internet.
Security firm Rapid7 said in its latest research, published Monday, that many Western nations are putting competitiveness and business ahead of security, and that will have “dire consequences” for some of the world’s largest economies, the report said.
The researchers pointed to a correlation between a nation’s gross domestic product (GDP) and its internet “presence,” with the exposure of insecure, plaintext services, which almost anyone can easily intercept.
Some of the most exposed countries on the internet today include Australia (ranked fourth), China (ranked fifth), France (13th), the US (14th), Russia (19th) and the UK (23rd).
Belgium led the rankings as the most exposed country on the internet, with almost one-third of all systems and devices exposed to the internet.
“Every service we searched for, it came back in the millions,” said Tod Beardsley senior security research manager at Rapid7, who co-authored the report and spoke on the phone last week.
“Everything came back from two million to 20 million systems,” he said.
‘FAILURE’ OF MODERN INTERNET ENGINEERING
As for the biggest culprits, there were over 11 million systems with direct access to relational databases, about 4.7 million networked systems that were categorized as the most commonly attacked port, and 4.5 million apparent printer services.
But there was one that floated above them all — a networking relic from the Cold War era.
Dissecting the example, Beardsley said the ongoing widespread use of a decades-old, outdated and unsecured networking protocol would prove his point. He said, citing the research, that scans showed that there are over 14 million devices still using outdated, insecure, plaintext Telnet for remotely accessing files and servers.
Beardsley said it was “encouraging” to see Secure Shell (SSH), its modern replacement, prevail over Telnet — not least because given the choice, it’s far easier to use — which makes the switch much easier.
But he said it was frustrating to see millions nevertheless leave their systems wide open to hackers and nation-state attackers.
He echoed similar sentiments from the report, saying that the high exposure rates are a “failure” of modern internet engineering.
“Despite calls from… virtually every security company and security advocacy organization on Earth, compulsory encryption is not a default, standard feature in internet protocol design. Cleartext protocols ‘just work,’ and security concerns are doggedly secondary,” said the paper.
Beardsley said that the research is a good starting point to see if there are other factors that determine if GDP influences the exposure rate, but they stressed that more work needed to be done and the research was just a foundation stone for further work.
“There are a million questions I have — I could talk for an hour,” he said.