Home Security Australia 11th in country rankings for Internet security threat exposure
Australia 11th in country rankings for Internet security threat exposure Featured

Australia ranks 11th in the world as the country with the highest Internet security threat exposure, narrowly avoiding the top 10 most exposed countries which are led by the US, China, Canada, South Korea and the UK.

According to the latest threat 2018 National Exposure Index from analytics solutions provider Rapid7, the US scored the highest in nearly every exposure metric measured and along with China, Canada, South Korea, and the United Kingdom. Together they control more than  61 million servers listening on at least one of the surveyed ports.

Rapid7 says Australia’s relatively high exposure to security risks online is cause for concern because of its high dependence on the Internet.

It cautions that Australia is a high-profile target with many businesses leaving themselves exposed due to basic errors in the management of their IT environments and day-to-day operations.

The National Exposure Index Report highlights that 22% of all Internet-reachable Australian servers accept connections on 445/TCP, the port associated with Server Message Block, a core Windows networking protocol.

Rapid7 warns that it is extremely dangerous to connect SMB to the Internet as it exposes Microsoft vulnerabilities to EternalBlue-powered attacks such as WannaCry.

There are 13 million exposed endpoints associated with direct database access, half of which are associated with MySQL, says Rapid7.

“Along with millions of exposed PostgreSQL, Oracle DB, Microsoft SQL Server, Redis, DB2, and MongoDB endpoints, this exposure presents significant risk of crucial data loss in a co-ordinated attack,” Rapid7 warns.

“While the number of exposed Microsoft SMB Servers dropped considerably after the WannaCry attack of 2017, there remain about a half a million targets today, primarily in the US, Taiwan, Japan, Russia, and Germany.”

According to Rapid7, amplification-based distributed denial of service (DDoS-A) remains a powerful technique for harming enterprises and providing cover for more sophisticated attacks.

It says that while the number of exposed UDP-based memcached servers is less than 4000, there are about 40,000 unpatched, out-of-date memcached servers, which are at risk of being drafted into the next “record-breaking DDoS attack”.

“These key findings tell us that the most risk to the Internet originates in countries that have significant investment in, and reliance on, a safe and stable Internet.

“This indicates to us that national Internet service providers in these countries can use these findings to understand the risks of internet exposure, and that they, along with policymakers and other technical leaders, are in an excellent position to make significant progress in securing the global Internet.

“It’s important to note that it’s not just mature, traditionally ‘rich’ or ‘large’ countries that rely on a healthy and functioning Internet. As of the start of 2018, more than half of all humans now maintain an active internet presence, after significant growth in both client-side and server-side infrastructure in Asia and Africa.

“We are in a crucial period of human history, and we need to actively measure the patterns of Internet usage that impact the security and stability of this incredible, planet-wide resource. By comparing regions both globally and with their immediate neighbors, we believe it’s possible to deliberately apply some ‘network husbandry’ to the Internet to ensure it remains supportive of technical innovation, cultural value, and economic prosperity.”

According to Rapid7, 2018 has already seen the largest distributed denial of service attack on record, using unsecured ‘memcached’ UDP servers.

“Due to this event, we’re paying much closer attention to memcached and other connectionless UDP services that can be abused in amplification attacks, and we have added this metric to the national exposure ranking system.”

Rapid7 warns that it also continues to worry about the exposure level of popular database servers, such as MySQL, PostgreSQL, Microsoft SQL Server, Oracle DB, and IBM DB2 – as well as the “NoSQL” databases like MongoDB and Redis.

“It’s our hope that by highlighting the prevalence of these services, and the specific geographic regions in which they reside, we can get ahead of a coming DB disaster.”


With 50+ Speakers, 300+ senior data and analytics executives, over 3 exciting days you will indulge in all things data and analytics before leaving with strategic takeaways that will catapult you ahead on your journey

· CDAO Sydney is designed to bring together senior executives in data and analytics from progressive organisations
· Improve operations and services
· Future proof your organisation in this rapidly changing technological landscape
· CDAO Sydney 2-4 April 2019
· Don’t miss out! Register Today!
· Want to find out more? Download the Agenda



Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips


Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).


Popular News




Sponsored News