
42% more plaintext HTTP servers than HTTPS counterparts - report

05 Aug 2020

There are 42% more plaintext HTTP web servers than there are encrypted HTTPS servers, according to a report released recently by Rapid7.

The company’s National/Industry/Cloud Exposure Report (NICER) shed light on the changing internet risk landscapes of 2020, and other issues facing cybersecurity teams.

According to the report, the United States leads the world in the prevalence of dangerous or otherwise flawed services, such as FTP, Telnet and exposed, insecure databases. Following the US are China, South Korea, the UK, Germany and Brazil, with Australia coming in 14th.

Here are some of the highlights of the report:

Top companies remain at risk

The report found that unpatched services with known vulnerabilities were rife among the top publicly traded companies in advanced economies – with particular issues in the financial services and telecommunications industries.

Each of these sectors carries thousands of high-severity common vulnerabilities and exposures (CVEs), a problem the report expects to worsen as economic prospects deteriorate during the COVID-19 pandemic.

Internet exposure has improved

Dangerous or insecure services, such as those based on the SMB or rsync file-sharing protocols, have declined by an average of 13% year on year.

Meanwhile, protocols with bolstered security like SSH (Secure Shell) and DoT (DNS-over-TLS) have increased overall, the report found.

These findings contradict the doom-and-gloom predictions by many commentators that the sudden shift to working from home for millions of people, together with the continued rise of Internet of Things (IoT) devices crowding residential networks, would produce a jump in newly exposed insecure services such as Telnet and SMB.

Patches leave a lot to be desired

Rapid7’s report found that only 73% of internet-facing Citrix systems have the latest patches or mitigations in place, with the remaining 27% either being vulnerable or ‘woefully outdated’.

Worldwide, adoption of patches and updates remains slow across a wide range of internet services, even for modern services with reported active exploitation.

This is particularly true for email handling and remote access: for example, 3.6 million SSH servers are running versions between five and 14 years old.
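The version figures above come from the identification string every SSH server sends before key exchange, so an organisation can run the same inventory check against its own address space. The following Python is an added example, not code from the report or from Rapid7: it parses RFC 4253 identification strings, flags servers that still advertise the broken SSH-1 protocol, and compares OpenSSH versions against a minimum baseline. The sample banners, the `MIN_OPENSSH` baseline and the category names are assumptions chosen for illustration, not figures from the report.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional, Tuple

# Constructed sample identification strings (not data from the Rapid7
# report). A server sends one of these as the first line of an SSH session
# (RFC 4253, section 4.2): "SSH-<protoversion>-<softwareversion> [comments]".
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1",
    "SSH-2.0-OpenSSH_5.3",
    "SSH-1.99-OpenSSH_4.3",
    "SSH-2.0-dropbear_2019.78",
    "SSH-2.0-OpenSSH_7.4",
    "HTTP/1.1 400 Bad Request",  # something listening on 22 that is not SSH
]

# Assumed operator baseline, not a figure from the report: any OpenSSH
# release older than this is flagged as outdated.
MIN_OPENSSH: Tuple[int, int] = (7, 4)

BANNER_RE = re.compile(
    r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)")


class Banner(NamedTuple):
    proto: str
    software: str
    comments: str


def parse_banner(line: str) -> Optional[Banner]:
    """Split an identification string into its RFC 4253 fields, or None."""
    m = BANNER_RE.match(line.strip())
    if not m:
        return None
    return Banner(m.group("proto"), m.group("software"), m.group("comments") or "")


def openssh_version(software: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) for an OpenSSH software string, else None."""
    m = OPENSSH_RE.match(software)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def classify(line: str) -> str:
    """Triage one banner into one of five categories (names are our own)."""
    banner = parse_banner(line)
    if banner is None:
        return "unparseable"
    # "1.99" means the server still negotiates SSH-1 with old clients; SSH-1
    # is broken and is flagged regardless of the software version.
    if banner.proto != "2.0":
        return "legacy-protocol"
    version = openssh_version(banner.software)
    if version is None:
        return "unknown-software"  # not OpenSSH; needs its own baseline
    return "outdated" if version < MIN_OPENSSH else "current"


def triage(lines) -> Counter:
    """Count banners per category, e.g. over the output of a port-22 scan."""
    return Counter(classify(line) for line in lines)


if __name__ == "__main__":
    for line in SAMPLE_BANNERS:
        print(f"{classify(line):16s} {line}")
    print(dict(triage(SAMPLE_BANNERS)))
```

Banner parsing only tells you the upstream version string; distributions such as Debian and Red Hat backport fixes without changing it, so an "outdated" result is a prompt to check the package version, not proof of an unpatched host. A server reporting protocol 1.99 deserves attention whatever its version, since it will still fall back to SSH-1 for a client that asks.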

Australia performs well, comparatively

Rapid7 says Australia has done particularly well in addressing insecure and dangerous systems.

“Organisations in Australia have actually improved the security of internet services in the last year,” says Rapid7 vice president for Asia Pacific and Japan, Neil Campbell.

“Unfortunately, cyber-attackers have seen that and are now targeting the human factor as well. In addition to upgrading insecure services and patching systems, there are some fundamental human behaviours that have to be addressed.

“The only way to do that is through cyber awareness training.”

Campbell also sounded a warning about VPN concentrators and remote access services, which many organisations have become more reliant on since the coronavirus pandemic began.

“These have become the new Adobe Reader, which was a go-to attack vector at the height of its popularity and often went unpatched,” he says. 

“Even where the services are encrypted, the risk of remote code execution vulnerabilities or credential stuffing attacks means they are only really safe when patches are up to date and multi-factor authentication is used.”
