Misconfigurations leave internet-facing servers open to attack
Issues with server configuration remain a major problem. Researchers at Censys have identified over 8,000 hosts on the internet misconfigured to expose open directories.
These directories contain potentially sensitive data, such as database information, backup files, passwords, Excel worksheets, environment variables, and even some SSL and SSH private keys. Exposure of these types of data in such an accessible manner can offer threat actors an easy way into an organization's network.
The 2023 State of the Internet Report, built on Censys' global scanning engine, provides visibility into the assets and weaknesses across organizations' internet infrastructure. It is divided into three sections: HTTP services, certificates, and the attack surfaces of the internet.
The report also shows that nearly 60 percent of all HTTP services observed are not protected by Transport Layer Security (TLS). This means traffic to and from these sites is unencrypted and susceptible to eavesdropping and man-in-the-middle attacks.
Over 40,000 unauthenticated Prometheus servers, intended to monitor the network health of over 219,000 endpoints, are exposed to the internet too. This could provide would-be threat actors with detailed reconnaissance and network mapping abilities.
In addition, the widespread use on unnamed hosts of web servers that have a known history of vulnerabilities or have reached end-of-life, including certain software that has been linked to recent critical infrastructure attacks, highlights concerning security practices.
"Between the increasing scarcity of IP addresses, the growing popularity of HTTP and TLS as common middleware protocols, and the widespread adoption of cloud, named services now far outnumber IP-identified services on the internet. This evolution means that an increasing fraction of every organization's internet exposure is only visible by scanning known names of services and checking potentially vulnerable endpoints," says Zakir Durumeric, co-founder and chief scientist at Censys. "Censys is the only company to provide global visibility into both IP-based and name-based internet exposure. In this year's report, we're excited to discuss how internet exposure is evolving and to launch our new Web Entities service to help companies understand their entire attack surface, including web-based exposure."
There are indicators that the state of internet security is moving in a positive direction. However, opportunities for threat actors to disrupt the security of online systems remain; misconfigurations, outdated and vulnerable software, and improperly exposed API endpoints are just some of the weaknesses threat actors can leverage to exploit organizations' online systems.
The full report is available from the Censys site.