Major risk of hack attacks against databases are possible due to millions of systems on the internet that offer services which should not be exposed to the public.
A new report from Rapid7 called the National Exposure Index uncovered 15 million nodes that appeared to offer telnet, 11.2 million appearing to offer direct access to relational databases, and 4.5 million apparent printer services. The data was derived from Project Sonar to scan the internet and collect data on protocol usage.
“Today's internet in 2016 looks like the 1996 internet, which is a little depressing,” said Tod Beardsley, senior security research manager at Rapid7 and co-author of the report.
Around 4.7 million systems expose a commonly-attacked port used by Microsoft Systems, 445/TCP. Three quarters of the servers that offer SMB/CIFS originated in only six countries: the US, China, Hong Kong, Belgium, Australia and Poland.
There is a connection between the GDP of a nation, overall internet presence of services offered, and the exposure of insecure, cleartext services such as POP or IMAP. The most exposed countries on the internet today are ones with the largest GDPs—China, France, Russia and the US.
“Other than being a lot bigger, we're not seeing much more to encrypted services as we were expecting,” said Beardsley. “We were hoping to see more encrypted services compared to their unencrypted counterparts, after all, it's easier to stand up encrypted services today than it was 10 or 20 years ago.”
Only three of the top dozen services are encrypted (No.2 HTTPS, No. 3 SSH, and No. 12 POP3S). Others are unencrypted. Some of the unencrypted services can be secured but are usually deployed in the clear or must first negotiate insecure connections which would leave the door open to man-in-the-middle attacks.
Describing the overall insecurity of the internet in the public eye, Beardsley said, “I don't think there are good reasons for it. Largely, it's going to be implementation errors compounded by the fact that some people just don't know.”