Today Trend Micro’s FTR team released more papers on our continued investigation into our exposed world. Already having looked at the Exposed US, we now turn our attention to Europe, looking not only at Western European capitals, but deeper into three of its largest countries – Germany, France, and the United Kingdom.
Once again using the internet scanning tool Shodan, we spent months looking at what cyberspace in Europe looks like. Our intention is to understand the global internet footprint – which is enormous, and the smarter our cities become, the more exposures we create. As easy and as fancy as we like to use technology to make our lives easier, both at home and in the work place, we must remember it also has a downside. Do we really understand what is sitting out exposed to the internet?
Do we know what others can see?
Why does this matter?
It matters because things that are exposed on the internet if vulnerable can be used to launch attacks both at that target, as well as used in attacks against others. There are a variety of attacks that can leverage exposed systems and protocols – everything from DDoS botnets and booters (like the Miraibotnet earlier this year), to Ransomware (such as WannaCry breaching exposed network shares), to data breaches and just plain old hacking through systems without authentication enabled.
Remembering that exposed does not mean the system is vulnerable, it’s also important to note that even those systems that are exposed out on the internet by design (like a firewall or a router that by their very nature connect devices to the internet and thus obviously have to be exposed to it!), give attackers the ability to at least profile the target in order to generate intelligence about how to attack most efficiently.
So what did we learn about Europe?
Using the data, we could see that London, Berlin, and Madrid were large hubs of technology clearly with many data centers. Correctly placed physical attacks could not only have horrific impacts to individuals, but could seriously impact the operations within the continent.
Throughout Western Europe, the number of webcams that are exposed out to the internet is somewhat expected given the pro-surveillance nature of many of the countries; what was not expect was how many of these had open security – aka the pictures could be viewed, the cameras appeared to accessible to log in without authentication, etc. And while using Shodan to observe some of the images of parking lots, airports, manufacturing plants etc. was interesting, as a parent it broke my heart to see pictures of children there too. Would these children know to protect their privacy around those cameras?
Finally, the other area of IoT devices that I found particularly interesting is that were exposed NAS (Network Attached Storage) devices – a fancy way for saying data storage. The amount of exposed and vulnerable data that could be observed either in open network directories (via RDP, the remote desktop protocol) or via databases that were open without authentication to the internet was already staggering. Exposing NAS devices to the internet should almost never be necessary, and it just adds to the footprint of data that could be leaked. And when GDPR comes into effect, these all could likely be the first violators.
Another area of concern was the number of telephony-enabled devices we could see exposed – is it necessary for an internal VoIP phone to be accessible to the internet? Only the business owner can say for sure, but in my experience this is not the case. Printers, faxes, VoIP devices and PBX devices all were observable via Shodan and the concern here is in the number of attacks these things could be used in – phone fraud scams, 1-900 call to / SMS to attacks (which could cost the victims tens of thousands of dollars in costs), and DDoSing. For that last one, think of that annoying autocaller that keeps calling over and over so much that a business cannot dial out and no one could dial in.
To read the full report on what we found exposed in Western Europe, please click here.