42% more plaintext HTTP servers than HTTPS counterparts - report
There are 42% more plaintext HTTP web servers than there are encrypted HTTPS servers, according to a report released recently by Rapid7.
The company’s National/Industry/Cloud Exposure Report (NICER) shed light on the changing internet risk landscapes of 2020, and other issues facing cybersecurity teams.
According to the report, the United States leads the world in the prevalence of dangerous or otherwise flawed protocols, like FTP, Telnet and open and insecure databases. Following the US is China, South Korea, the UK, Germany and Brazil, with Australia coming in at 14th place.
Here are some of the highlights of the report:
Top companies remain at risk
The report found that unpatched services with known vulnerabilities were rife among the top publicly traded companies in advanced economies – with particular issues in the financial services and telecommunications industries.
These sectors both have thousands of high-rated common vulnerabilities and exposures (CVEs), with this problem expected to become exacerbated during worsening economic prospects amidst the COVID-19 pandemic.
Internet exposure has improved
Dangerous or insecure services, like those based on SMB or rsync file sharing protocols, have seen an average annual decrease of 13%.
Meanwhile, protocols with bolstered security like SSH (Secure Shell) and DoT (DNS-over-TLS) have increased overall, the report found.
These findings contradict the doom-and-gloom predictions by many commentators that there would be a jump of newly exposed insecure services such as Telnet and SMB with the sudden shift to work-at-home for millions of people and the continued rise of Internet of Things (IoT) devices crowding residential networks.
Patches leave a lot to be desired
Rapid7’s report found that only 73% of internet-facing Citrix systems have the latest patches or mitigations in place, with the remaining 27% either being vulnerable or ‘woefully outdated’.
Worldwide, patch and update adoption continue to be slow for a wide range of internet services, even for modern services with reports of active exploitation.
This is particularly true in the areas of email handling and remote access where, for example, 3.6 million SSH servers are sporting versions between five and 14 years old.
Australia performs well, comparitively
Rapid7 says Australia has done particularly well in addressing insecure and dangerous systems.
“Organisations in Australia have actually improved the security of internet services in the last year,” says Rapid7 vice president for Asia Pacific and Japan, Neil Campbell.
“Unfortunately, cyber-attackers have seen that and are now targeting the human factor as well. In addition to upgrading insecure services and patching systems, there are some fundamental human behaviours that have to be addressed.
“The only way to do that is through cyber awareness training.”
Campbell also sounded a warning about VPN concentrators and remote access services which many organisations have become more reliant on since coronavirus.
“These have become the new Adobe Reader, which was a go-to attack vector at the height of its popularity and often went unpatched,” he says.
“Even where the services are encrypted, the risk of remote code execution vulnerabilities or credential stuffing attacks means they are only really safe when patches are up to date and multi-factor authentication is used.”