The United States is the most exposed country in the world when measuring for the number of services that either don't offer modern cryptographic protection or are otherwise unsuitable to offer on the increasingly hostile internet.
Researchers measured countries by their offerings of native unencrypted services on the public internet, service on the internet that is unsuitable for public access, and service subject to amplification abuse through connectionless communication and found the U.S. lead the pack in these critical categories, according to Rapid 7's 2018 national exposure index.
China, Canada, South Korea, and the United Kingdom followed behind the U.S. and together control over 61 million servers listening on at least one of the surveyed ports, the report said.
The purpose of the report is to identify what is actually running on today's internet as opposed to what we believe should be present there, and which geopolitical regions are most at risk for deliberate, wide-scale attacks on core internet services.
The report also found there are 13 million exposed endpoints associated with direct database access, half of which are associated with MySQL in addition to millions of exposed PostgreSQL, Oracle DB, Microsoft SQL Server, Redis, DB2, and MongoDB endpoints all of which presents a significant risk of crucial data loss in a coordinated attack.
Researchers said that the most risk to the internet originates in countries that have a significant investment in, and reliance on, a safe and stable internet.
To combat these threats national internet service providers in these countries should use these findings to understand the risks of internet exposure, to make significant secure the global internet.
Researchers said that while the number of exposed Microsoft SMB Servers dropped considerably after the WannaCry attack of 2017 but warned that nearly half a million targets remain today, primarily in the U.S., Taiwan, Japan, Russia, and Germany.
“It's important to note that it's not just mature, traditionally “rich” or “large” countries that rely on a healthy and functioning internet,” the report said. “As of the start of 2018, more than half of all humans now maintain an active internet presence, after significant growth in both client-side and server-side infrastructure in Asia and Africa.”
“Even as there are engineering efforts to bolster the domain name system and bring it to modern levels of encryption and security, we still see millions of poorly maintained, misconfigured computers, ready to be abused by intelligence and espionage agencies, sophisticated criminal organizations, and casual, unsophisticated threat actors,” the report said.
Researchers said globally, they continue to see disturbing trends in internet exposure such as those that resulted in attacks against inappropriate services such as Windows SMB, database services, and that powerful amplification services are not enough to truly zero out their ongoing risk to attack and misuse.