
Analysis of internet-connected devices reveals millions are vulnerable to attack

For anyone involved in information security and combating the incredible breadth and depth of malware that’s constantly aimed at stealing our most important information, it’s not enough to simply know whether a given machine is compromised. Just as important is knowing which machines are vulnerable to attack.

That’s precisely the objective of projects that scan the internet looking for unsecured systems. One such initiative is Shodan, a search engine that scans online systems and “cyber assets” looking for any with security flaws that could open them up for attack. Security company Trend Micro conducted its own analysis of Shodan data for February 2016 and summarized the findings on its Security and Intelligence blog, noting that literally millions of internet-connected devices are vulnerable, including many in the most sensitive industries.

Shodan is particularly helpful because it reports on not just the IP address of connected devices, but also offers information on application software installed on devices and their firmware version numbers. That information can help companies like Trend Micro identify the kinds of devices that are connected. Of course, if Shodan can discover this kind of information, then malicious parties can do so as well using various tools and techniques of their own.

Trend Micro identified a number of important trends, which it outlined in the blog post. Here are the highlights:

  • Los Angeles had the highest number of exposed cyber assets among the top 10 most populated cities in the U.S. The city had more than 4 million devices that could be targeted for cyberattack. Houston was second at 3.9 million exposed cyber assets.
  • Unsurprisingly, web servers are particularly problematic, in that they’re some of the most commonly attacked machines, and they’re also often unsecured. Web servers, therefore, represent a known quantity of exposed cyber assets that could be secured against attack.
  • Web servers hosted by the U.S. government, along with education, health care, and public utilities sectors in the U.S., were particularly open for attack. Servers in the emergency services and financial sectors, however, had relatively few unsecured machines.
  • Nevertheless, most of the unsecured devices in the Shodan data were those often used for distributed denial-of-service (DDoS) attacks, and included firewalls, webcams, routers, and wireless access points. That correlates with a DDoS attack on October 21, 2016, that involved Mirai malware running on unsecured devices like webcams.

The most important conclusion to draw from Trend Micro’s analysis of the Shodan data is that there’s lots of work to be done in securing the millions of vulnerable internet-connected devices. The company will be presenting its analysis and conclusions at the RSA conference that’s currently underway, and you can dig into the details yourself in its report titled “U.S. Cities Exposed in Shodan.”

Mark Coppock