For anyone involved in information security and combating the incredible breadth and depth of malware that’s constantly aimed at stealing our most important information, it’s not enough to simply know whether a given machine is compromised. Just as important is knowing which machines are vulnerable to attack.
That’s precisely the objective of projects that scan the internet looking for unsecured systems. One such initiative is Shodan, a search engine that scans online systems and “cyber assets” looking for any with security flaws that could open them up for attack. Security company Trend Micro conducted its own analysis of Shodan data for February 2016 and summarized the findings on its Security and Intelligence blog, noting that literally millions of internet-connected devices are vulnerable, including many in the most sensitive industries.
Shodan is particularly helpful because it reports on not just the IP address of connected devices, but also offers information on application software installed on devices and their firmware version numbers. That information can help companies like Trend Micro identify the kinds of devices that are connected. Of course, if Shodan can discover this kind of information, then malicious parties can do so as well using various tools and techniques of their own.
Trend micro identified a number of important trends, which it outlined in the blog post. Here are the highlights:
- Los Angeles had the highest number of exposed cyber assets when compared to other top 10 most populated cities in the U.S. The city had more than 4 million devices that could be targeted for cyberattack. Houston was second at 3.9 million exposed cyber assets.
- Unsurprisingly, web servers are particularly problematic, in that they’re some of the most commonly attacked machines, and they’re also often unsecured. Web servers, therefore, represent a known quantity of exposed cyber assets that could be secured against attack.
- Web servers hosted by the U.S. government, along with education, health care, and public utilities sectors in the U.S., were particularly open for attack. Servers in the emergency services and financial sectors, however, had relatively few unsecured machines.
- Nevertheless, most of the unsecured devices in the Shodan data were those often used for distributed denial-of-service (DDoS) attacks, and included firewalls, webcams, routers, and wireless access points. That correlates with a DDoS attack on October 21, 2016, that involved Mirai malware running on unsecured devices like webcams.
The most important conclusion to draw from Trend Micro’s analysis of the Shodan data is that there’s lots of work to be done in securing the millions of vulnerable internet-connected devices. The company will be presenting its analysis and conclusions at the RSA conference that’s currently underway, and you can dig into the details yourself in its report titled “U.S. Cities Exposed in Shodan.”
