Thursday, 09 June 2016 12:02

Australia fourth most vulnerable nation to hacking: study


Australia ranks fourth among the countries most vulnerable to hacking attacks, according to a study by penetration testing and information security firm Rapid7.

Belgium tops the list, followed by Tajikistan and Samoa.

The company compiled what it calls a "heat map" of the Internet, looking for servers that had exposed ports that could be compromised.

Rapid7 used its Project Sonar tool to carry out a scan of every public-facing IP address and examine the services being offered to the wider Internet.

Many ports on a server offer services that they should be offering; the most common example is port 80, on which HTTP services, or normal web pages, are offered. It is better if the encrypted version, HTTPS, is offered.

But there are a number of services which are unencrypted and open to compromise. For example, on port 110 one can find POP3 servers being offered. And port 21 is used for FTP, an insecure method of transferring files over the Internet.

"Today's Internet touches virtually everyone’s lives and is a critical component of economic security," the study noted. "Counter-intuitively, the adoption of fully encrypted protocols for core Internet services has not scaled with our personal, national, and global dependence on the Internet."

While the countries with greater GDP, like China and the US, had a much greater number of Internet users and hence many more net-connected devices, they were not the most exposed. In the case of Belgium, though it had far fewer Internet servers, a greater percentage were offering services that were insecure.

While Australia was the fourth most vulnerable overall, it also had the same rank among countries that had ports for database protocols exposed.

"We counted 7.8 million MySQL databases and 3.4 million Microsoft SQL Server systems. Six countries, the United States, China, Hong Kong, Belgium, Australia and Poland expose 75% of discovered Microsoft SQL nodes. Those same countries expose 67% of MySQL nodes," the study noted.

Among the findings of the study were:

  • Millions of systems offer services that should not be exposed to the public network. The survey found 15 million nodes appearing to offer telnet, 11.2 million appearing to offer direct access to relational databases, and 4.5 million apparent printer services. (The scans counted 7.8 million MySQL databases and 3.4 million Microsoft SQL Server systems. The study did not include ports for other popular database systems, notably, PostgreSQL and OracleDB.)
  • A total of 4.7 million systems expose one of the most commonly attacked ports used by Microsoft systems, 445/TCP.
  • SSH (secure shell) adoption over telnet (clear-text shell) is gaining ground, with over 50% of regions offering more ssh servers than telnet servers.
  • Non-web-based access to email (via clear text POP or IMAP protocols) is still the norm versus the exception in virtually every country.
  • There is a correlation between the GDP of a nation, overall Internet “presence” in terms of services offered, and the exposure of insecure, clear-text services.
  • The most exposed nations include countries with the largest GDPs, such as the United States, China, France, and Russia.
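
For administrators who want to check their own hosts against the services the study counted, the following is an added example, not part of the original article or of Rapid7's tooling. It parses `ss -H -tln` output and flags listeners on the ports named above that are bound beyond loopback; the sample output is constructed, and the port-to-service table and advice strings are this example's assumptions based on well-known port assignments.

```python
import ipaddress

# Service names follow well-known port assignments; advice is this example's wording.
WATCHED = {
    21: ("FTP", "replace with SFTP or FTPS"),
    23: ("telnet", "replace with SSH"),
    80: ("HTTP", "offer HTTPS and redirect"),
    110: ("POP3", "offer the TLS-wrapped service on 995"),
    143: ("IMAP", "offer the TLS-wrapped service on 993"),
    445: ("SMB", "keep off public interfaces"),
    1433: ("Microsoft SQL Server", "bind to a private interface"),
    3306: ("MySQL", "bind to a private interface"),
}

# Constructed sample of `ss -H -tln` output (not taken from a real host).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 32 *:21 *:*
LISTEN 0 128 [::]:23 [::]:*
LISTEN 0 100 0.0.0.0:110 0.0.0.0:*
LISTEN 0 128 [::1]:1433 [::]:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
"""

def reachable_beyond_host(addr):
    """True unless the listener is bound to a loopback address."""
    addr = addr.split("%")[0].strip("[]")  # drop interface scope and IPv6 brackets
    if addr == "*":                        # ss prints '*' for a dual-stack wildcard
        return True
    return not ipaddress.ip_address(addr).is_loopback

def audit(ss_output):
    """Return sorted (port, service, bind address, advice) for watched listeners."""
    findings = []
    for line in ss_output.strip().splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in WATCHED and reachable_beyond_host(addr):
            service, advice = WATCHED[int(port)]
            findings.append((int(port), service, addr, advice))
    return sorted(findings)

if __name__ == "__main__":
    # A firewall may still block these; this only reports how the service is bound.
    for port, service, addr, advice in audit(SAMPLE):
        print(f"{service} listening on {addr}:{port} -> {advice}")
```

The MySQL and SQL Server listeners in the sample are not reported because they are bound to loopback only, which is the configuration the study's database counts imply is often missing.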

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
