Monday, 17 August 2020 18:47

New Research from Rapid7 Finds Australia 14th Most Exposed to Cyber Risks

By Rapid7

GUEST RESEARCH:  While there has been an average 13% decrease in exposed, dangerous internet services, industries including financial services and telecommunications remain exposed

Rapid7, a leading provider of security analytics and automation solutions, has released its National/Industry/Cloud Exposure Report (NICER) for 2020. The most comprehensive census of the modern internet, NICER 2020 analyses the changing internet risk landscape, measuring the prevalence and geographic distribution of common cybersecurity exposures with findings broken down by country, industry sector and internet protocol.

NICER 2020 focuses on the risks and multinational prevalence of protocols that are inherently flawed or too dangerous to expose to the internet – such as FTP, Telnet, SMB and open, insecure databases. Based on this, it ranks Australia as the 14th most exposed country in the world. The US is the most exposed country, followed by China, South Korea, UK, Germany, Brazil, Russia, Japan, Canada, Iran, Italy, Argentina, Taiwan, Australia, Spain, France, India, Turkey, Hong Kong and Mexico.

A technical assessment of the 24 service protocols surveyed finds that, on the whole, unencrypted, cleartext protocols are still the rule on how information flows around the world. There are 42% more plaintext HTTP Web servers than encrypted HTTPS servers, three million databases awaiting insecure queries, and 2.9 million routers, switches and servers accepting Telnet connections.

Financial services and telecommunications remain exposed

NICER 2020 finds that the top publicly traded companies in advanced economies including Australia are hosting a surprisingly high number of unpatched services with known vulnerabilities, especially in financial services and telecommunications. There are tens of thousands of high-rated CVEs (Common Vulnerabilities and Exposures) across the public-facing assets of these two sectors. Despite their vast collective reservoirs of wealth and expertise, this level of vulnerability exposure is unlikely to get better in a time of global recession.

The report analyses the exposure of companies listed on the ASX 200 in Australia, the Deutsche Börse Prime Standard 320, the Nikkei 225 in Japan, the UK FTSE 250+ and the US Fortune 500, giving each industry sector a grade of A, B, C or D. Industries graded D include Technology, Telecommunications, Financial Services, Healthcare, Pharma, Engineering, Construction, Industrials, Materials and Mining. Companies in these sectors correspond with the majority of breach and ransomware headlines in the last 12 months.

Surprisingly, internet exposure has gotten somewhat better, not worse

One positive finding is that the population of insecure services has gone down over the past year, with an average 13% decrease in exposed, dangerous services such as those based on the SMB and rsync file sharing protocols, and the Telnet remote computer access protocol. At the same time, more secure alternatives to insecure protocols, like SSH (Secure Shell) and DoT (DNS-over-TLS) increased overall.

These findings contradict the doom-and-gloom predictions by many commentators that there would be a jump of newly exposed insecure services such as Telnet and SMB with the sudden shift to work-at-home for millions of people and the continued rise of Internet of Things (IoT) devices crowding residential networks.

Australia also made significant strides in reducing its exposure in the last year. The exposure of plaintext FTP (file transfer protocol) services across the country, for example, was reduced by 56% in 2020 compared with the same period in 2019. This was one of the biggest improvements globally. SMB (Server Message Block, Microsoft Windows’ multi-purpose protocol used for file transfers) exposure in Australia was already fairly small in 2019 (just over 5000 servers exposed) and that footprint was further reduced to 4515 in 2020.

Australia exposed to attacks on remote access services

There is still considerable room for improvement, however. NICER 2020 finds there are still almost 40,000 systems exposing Microsoft Remote Desktop (RDP) and 4800 exposing Virtual Network Computer (VNC) remote access services in Australia. This puts organisations at risk of credential stuffing, brute force and exploit-based cyber attacks.

Australia is also fourth in the world with over 3000 exposed Citrix ADC/Netscaler services used to provide remote access to applications and/or desktop environments. Worryingly, Rapid7’s version fingerprinting technique shows that only 73% of internet-facing Citrix systems have the latest patches or mitigations in place, with the remaining 27% either being vulnerable or woefully outdated.

Globally, patch and update adoption continues to be slow for a wide range of internet services, even for modern services with reports of active exploitation. This is particularly true in the areas of email handling and remote access where, for example, 3.6 million SSH servers are sporting versions between five and 14 years old.

“Cyber attackers now targeting the human factor as well”

“Organisations in Australia have actually improved the security of internet services in the last year,” said Neil Campbell, Vice President APJ for Rapid7, commenting on the research. “Unfortunately, cyber attackers have seen that and are now targeting the human factor as well. In addition to upgrading insecure services and patching systems, there are some fundamental human behaviours that have to be addressed. The only way to do that is through cyber awareness training.”

Campbell also sounded a warning about VPN concentrators and remote access services which many organisations have become more reliant on since coronavirus. “These have become the new Adobe Reader, which was a go-to attack vector at the height of its popularity and often went unpatched,” he said. “Even where the services are encrypted, the risk of remote code execution vulnerabilities or credential stuffing attacks means they are only really safe when patches are up to date and multi-factor authentication is used.”

To view a copy of the full report, please visit.

For an infographic explaining key results, please visit.

About Rapid7

Rapid7 (Nasdaq: RPD) is advancing security with visibility, analytics and automation delivered through our Insight cloud. Our solutions simplify the complex, allowing security

teams to work more effectively with IT and development to reduce vulnerabilities, monitor for malicious behaviour, investigate and shut down attacks, and automate routine tasks. Over 8,500 customers rely on Rapid7 technology, services, and research to improve security outcomes and securely advance their organisations.

For more information, visit our website, check out our blog, or follow us on Twitter.


Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.

CLICK HERE!

WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.

REGISTER HERE!

BACK TO HOME PAGE
Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments