Vast amounts of companies are leaving their corporate networks exposed, experts have revealed, risking the possibility of a second WannaCry-style malware outbreak.
The National Exposure Index report, compiled by security firm Rapid7, revealed that internal file-sharing systems were being exposed by over one million unsecured endpoints, potentially exposing business-critical systems and data to malicious external hackers.
The vast majority of the vulnerable endpoints observed by Rapid7 - more than 800,000, in fact - were Windows systems that used the server message block (SMB) protocol. A vulnerability in this protocol is one of the main reasons behind the swift and prolific spread of the WannaCry ransomware earlier this year, which used the flaw to propagate across the internet.
Running a scan for SMB port 455 revealed over 5.5 million responsive nodes, and Rapid7 warned that blocking these ports from being publicly-addressable could go a long way towards stopping the spread of similar attacks to WannaCry in the future.
However, the report did note some areas of improvement. Belgium, last year's most exposed country, did not even make the top 50 in 2017's report after 250,000 publicly-exposed servers had their access culled.
Similarly, there has been a 33% drop in the amount of telnet exposure. This was partly judged to be a result of ISPs blocking access to port 23 in response to the Mirai botnet - although Rapid7 also noted that it was likely due in part to nodes being knocked offline by Mirai itself.
Zimbabwe, Hong Kong and Samoa topped this year's list of the most exposed countries. The UK came in at number 37, despite having the world's fourth-largest allocation of IPv4 addresses.
"The UK's position at #37 on the National Exposure Index is reflective of the fact that while it is generally in line with similar nations' exposure, the UK has an uncomfortably high exposure rate of qualified SMB," Rapid7 said as part of the report. "IT administrators and internet service providers in the UK would do well to review what is both allowed and expected to be available on the internet."
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attackNews The attack on Jaguar Land Rover highlights the growing attractiveness of the automotive sector
-
Ransomware attack on IT supplier disrupts hundreds of Swedish municipalitiesNews The attack on IT systems supplier Miljödata has impacted public sector services across the country
-
A notorious hacker group is ramping up cloud-based ransomware attacksNews The Storm-0501 threat group is refining its tactics, according to Microsoft, shifting away from traditional endpoint-based attacks and toward cloud-based ransomware.
-
Security researchers have just identified what could be the first ‘AI-powered’ ransomware strain – and it uses OpenAI’s gpt-oss-20b modelNews Using OpenAI's gpt-oss:20b model, ‘PromptLock’ generates malicious Lua scripts via the Ollama API.
-
Data I/O shuts down systems in wake of ransomware attack
News Regulatory filings by Data I/O suggest the costs of dealing with the attack could be significant
-
Average ransom payment doubles in a single quarterNews Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new groupNews The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos
