Security Market Segment LS
Wednesday, 10 August 2022 12:45

‘Highly sensitive’ protocols exposed to public Internet, warns ExtraHop Featured

By Staff Writer
Jeff Costlow, CISO, ExtraHop. Jeff Costlow, CISO, ExtraHop.

A significant percentage of organisations expose insecure or highly sensitive protocols, including SMB, SSH, and Telnet, to the public internet, according to the latest Cyber Risk and Readiness report from network detection and response specialist ExtraHop.

The Cyber Risk and Readiness report shows that a significant percentage of organisations expose insecure or highly sensitive protocols, including SMB, SSH, and Telnet, to the public internet.

According to the report “Whether intentional or accidental, these exposures broden the attack surface of any organisation by providing cyberattackers an easy entry point into the network.shows that a significant percentage of organisations expose insecure or highly sensitive protocols, including SMB, SSH, and Telnet, to the public internet.

“Whether intentional or accidental, these exposures broden the attack surface of any organisation by providing cyberattackers an easy entry point into the network.”

The report goes on to say that: “Since the Russian invasion of Ukraine, governments and security experts around the world have noticed a significant increase in cyberattack activity.

“The Cybersecurity and Infrastructure Security Agency (CISA) and other government agencies such as ENISA, CERT-EU, ACSC, and SingCERT have strongly encouraged enterprises to focus on strengthening their overall security postures, starting with reducing the likelihood of a damaging cyber intrusion. One key recommendation made by these agencies is that organisations disable all unnecessary or insecure ports and protocols.”

In the new report, ExtraHop notes that it conducted an analysis of enterprise IT environments to benchmark the cybersecurity posture of organisations based on open ports and sensitive protocol exposure so that security and IT leaders can assess their risk posture and attack surface visibility relative to other organisations.

Key findings of the ExtraHop report include:

  • SSH is the Most Exposed Sensitive Protocol: Secure Shell (SSH) is a well-designed protocol with good cryptography for securely accessing remote devices. It is also one of the most widely used protocols, making it a favourite target for cybercriminals looking to access and control devices across an enterprise. Sixty-four percent of organisations have at least one device exposing this protocol to the public internet. LDAP Exposure is High: Lightweight directory access protocol (LDAP) is a vendor-neutral application protocol that maintains distributed directory information in an organised, easy-to-query manner. Windows systems use LDAP to look up usernames in Active Directory. By default, these queries are transmitted in plaintext giving attackers an opportunity to discover usernames. With 41% of organisations having at least one device exposing LDAP to the public internet, this sensitive protocol has an outsized risk factor.
  • Exposed Database Protocols Open Doors for Attacks: Database protocols enable users and software to interact with databases, inserting, updating, and retrieving information. When an exposed device is listening on a database protocol, it exposes the database as well. Twenty-four percent of organisations have at least one device exposing Tabular Data Stream (TDS) to the public internet. This Microsoft protocol for communicating with databases transmits data in plaintext, making it vulnerable to interception.
  • File Server Protocols At Risk: In looking at the four protocol types (file server protocols, directory protocols, database protocols, and remote control protocols), the vast majority of cyberattacks occur in file server protocols, which involve attackers moving files from one place to another. Thirty-one percent of organisations have at least one device exposing Server Message Block (SMB) to the public internet.
  • FTP is Not As Secure As it Can Be: File transfer protocol (FTP) is not a full-service file access protocol. It sends files over networks as a stream and offers practically no security. It transmits data, including usernames and passwords, in plaintext, which makes its data easy to intercept. While there are at least two secure alternatives, 36% of organizations expose at least one device using this protocol to the public internet.
  • Protocol Usage Differs by Industry: This is indicative of different industries investing in different technologies and having different requirements for storing data and interacting with remote users. When considering all industries together, SMB was the most prevalent protocol exposed.
          In financial services, SMB is exposed in 28% of organisations.
          In healthcare, SMB is exposed in 51% of organisations.
          In manufacturing, SMB is exposed in 22% of organisations.
          In retail, SMB is exposed in 36% of organisations.
          In State and Local Government, SMB is exposed in 45% of organisations.
          In tech, SMB is exposed in 19% of organisations.
  • Organisations Continue to Leverage Telnet: Telnet, an old protocol for connecting to remote devices, has been deprecated since 2002. Yet 12% of organisations have at least one device exposing this protocol to the public internet. As a best practice, IT organisations should disable Telnet anywhere it is found on their network.  

“Ports and protocols are essentially the doors and hallways that attackers use for exploring networks and causing damage,” said Jeff Costlow, CISO, ExtraHop.

“That’s why knowing which protocols are running on your network and what vulnerabilities are associated with them is so important. This gives defenders the knowledge to make an informed decision about their risk tolerance and take actions — such as maintaining a continuous inventory of software and hardware in an environment, patching software quickly and continuously, and investing in tools for real-time insights and analysis — to improve their cybersecurity readiness.”

Rohan Langdon, Area Vice President Australia and New Zealand, ExtraHop, added, “The cyber risks faced by businesses are continuing to grow and for many organisations, the challenge is exacerbated because some of their IT systems in use were deployed years ago.

“They might be monitoring ageing equipment or managing core infrastructure and these could easily be missed when measuring the extent of the cyber risk being faced. It’s only when the total cyber risk profile of an organisation is understood, including east-west traffic and exposed ports, that a comprehensive plan for its management can be devised and implemented.

“Today, governments, product developers, the business community and cybersecurity professionals all have important roles to play in ensuring Australian organisations keep pace with the challenges faced when delivering a cybersecurity posture fit for purpose and aligned with industry regulation, Essential Eight compliance and both internal employee and external supply chain security.”

Read 1955 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here




EXL AI IN ACTION VIRTUAL EVENT 20 MARCH 2025

Industry leaders are looking to transform their businesses and achieve measurable outcomes with AI.

As organisations across APAC navigate the complexities of AI adoption, this must-attend event brings together industry leaders, real-world demonstrations, and visionary panel discussions to bridge the gap between proof-of-concepts and enterprise-wide AI implementation.

Learn how to overcome common challenges in deploying AI at scale.​

Unlock cost savings, efficiency, and better customer experiences with AI.

Discover how industry expertise and data intelligence enable practical AI deployment.

Register for the event now!

REGISTER!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Published in Security
Tagged under

Related items

More in this category: « Bumper load of fixes from Microsoft on August Patch Tuesday Post-pandemic security concerns elevated: survey »
Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top

Subscribe to Newsletter

*  Enter the security code shown: img0

WEBINARS & EVENTS

CYBERSECURITY

PEOPLE MOVES

GUEST ARTICLES

Guest Opinion

ITWIRETV & INTERVIEWS

RESEARCH & CASE STUDIES

Channel News

Comments