In its annual National Exposure Index report, Rapid7 has revealed that, even after WannaCry, 160 million devices still have open ports that should not be exposed to the public internet, including computers, IoT devices and servers. About 15% of healthcare organisations are running outdated systems or browsers. While many of these organisations simply lack the funding to update their systems, outdated platforms put these providers at risk.
The ambitious project scanned more than three billion IP-addressable, public internet servers and checked for exposed services on 30 different ports on each device. The researchers also found that the file-sharing server message block (SMB) port 445 had exposed 5.5 million internet-connected devices. In 2016, 4.6 million internet-connected devices left port 445 wide open.
More than 800,000 of these were Microsoft Windows systems, across most products and versions, using the SMB file-sharing protocol that were specifically vulnerable to the wormable WannaCry ransomware.
The use of open source file-sharing software Samba also exposes organisations to risks of similar vulnerability exploits, said Tod Beardsley, principal security research manager at Rapid7.
This finding helps explain why the WannaCry ransomware attack in May 2017 spread so widely in such a short period: it used an SMB exploit leaked by the Shadow Brokers hacking group. More than 200,000 computers in 150 countries were affected before the international security community was able to halt the spread of the malware.
Things are notably better when it comes to protecting the vulnerable Telnet ports that fuelled the Mirai botnets. The number of vulnerable Telnet ports dropped from 15 million to 10 million during the past year, a 33 percent reduction.
In a rare move, Microsoft has released additional security patches for Windows XP and Server 2003 users to protect against potential nation-state activity and destructive cyber attacks, such as those seen in the WannaCry attacks on May 12. The security patches are included in the company's June 12 patch release and fix three outstanding vulnerabilities for which exploits were built by the NSA.
Microsoft previously said it would not patch these vulnerabilities, but changed course upon recognising the elevated risk of disruptive cyber attacks.
In the report, Rapid7 also looked at the worst-offending nations when it comes to open and exposed ports. The most exposed regions include Zimbabwe, Hong Kong SAR, Samoa, the Congo Republic, Tajikistan, Romania, Ireland, Lithuania, Australia and Estonia.
The report was aimed at highlighting the fact that an internet lacking cryptographic protection only encourages a hostile environment, endangering both the virtual and the physical world of the devices connected to it.
Businesses are being urged to review what they are exposing to the internet to reduce their vulnerability to attack. A security firm has warned that there will be a major database attack in the next year unless businesses act to put appropriate protection measures in place. Organisations should review their use of file-sharing services, identify where they are absolutely necessary, and eliminate them wherever possible.
Instead of using file-sharing services such as SMB and Samba, Beardsley said, organisations should use cloud-based services that are inherently more secure through their use of HTTP over the Secure Sockets Layer (SSL), commonly known as HTTPS.