- US Cities Exposed in Shodan
Shodan is an online search engine that catalogs cyber assets or internet-connected devices. Many cyber assets are exposed in Shodan for a number of reasons, including poor configuration. This level of exposure can become a serious security concern when hackers take advantage of it to steal data, launch ransomware or distributed denial-of-service (DDoS) attacks, or gain entry into networks.
Using Shodan data, Trend Micro researchers Numaan Huq, Stephen Hilt, and Natasha Hellberg assess which devices, servers, and critical sectors in the US are the most exposed. Affected parties can use this information when implementing the necessary security measures that will better protect their data and assets from future compromise.
Webcams are attractive targets for attackers not only because they can be used for surveillance but also because many webcams don’t come with an auto-update function. This means they are rarely patched and can be easily exploited. Houston, Texas is one of the biggest US cities with the highest number of exposed webcams, while GeoVision GeoHTTPServer is the most exposed product.
NAS devices are popular solutions for backing up and storing data, as well as sharing files in collaborative work environments. Compromised NAS devices can lead to potential data theft and loss. Although there are relatively few exposed NAS devices in the US, most of them are located in Phoenix, Arizona. The most exposed NAS device is the Seagate GoFlex SSHD.
Despite manufacturers' efforts to release firmware upgrades and security patches for their routers, only a few users ever really install these fixes. This leaves routers exposed and vulnerable. Compromised routers can be abused to steal credentials, redirect users to malicious sites, or generate network traffic in DDoS attacks. Cisco routers, which dominate the Shodan results, are typically installed by Internet service providers (ISPs) in customers’ homes. Houston, Texas has the highest number of exposed routers.
Printers can be a treasure trove of information for attackers seeking to go much deeper into a network or steal and sell insider information. An office printer, for example, handles confidential documents containing financial, customer, and sales data, as well as intellectual property. Los Angeles, California has the highest number of exposed printers; Debut embedded HTTPD is the most exposed product.
Many companies are switching to voice over internet protocol (VoIP) phones because they make calling overseas cheaper; this is why Free Private Branch Exchange (FPBX) dominates Shodan results. Phones can be compromised to disrupt voice communications or eavesdrop on conversations. San Jose, California has the highest concentration of unsecured phones in the US.
Most media devices found on Shodan are digital video recorders (DVRs). DVRs can be security risks if attackers can access saved or live surveillance footage, or abuse them for lateral movement in a network. Chicago, Illinois has the highest number of exposed DVRs, while TiVo To Go HTTPD is the most exposed product.
Web servers are Internet-facing by design and are riddled with vulnerabilities, which attackers can take advantage of. A compromised Web server can be used to redirect visitors to malicious websites, or host malicious content and illegal data. Apache HTTPD type is the most exposed product, while Los Angeles, California has the highest number of exposed web servers.
Email servers (especially those used by organizations handling critical data) provide a wealth of confidential information that cybercriminals can monetize. Attackers can also target these servers to disrupt email services and severely cripple business operations. Los Angeles, California has the highest number of exposed email servers, while Exim SMTPD is the most exposed product.
Databases make for choice targets given the variety of sensitive information they store such as financial, customer, sales, and inventory data; PII; credentials; and other information used by business applications.
From the Shodan data, we found that MySQL was the most popular database exposed on the Internet. Most of these exposed databases are concentrated in Los Angeles, California.
Chicago tops the list as one of the biggest cities with the highest number of exposed PostgreSQL databases.
MongoDB returns banner information, including stored table names. This makes it easy for attackers to figure out what type of data is stored in the exposed MongoDB databases.
Compared to other US cities, Los Angeles, California has the highest concentration of exposed MS-SQL databases.
A picture archiving and communication system (PACS) database is mainly used in the medical industry for economic storage and convenient access to images taken for various medical procedures like CT scan, X-Ray, MRI, or ultrasound. If these records ever fall into the wrong hands, they can be used for defamation, blackmail, or extortion. Chicago, Illinois has the highest number of exposed PACS servers, while Apache HTTPD is the most exposed server software.
An electronic health record (EHR) database is mostly similar to PACS, and the terms are often used interchangeably. It stores patient data such as medical histories, laboratory test results, and insurance information. Houston, Texas has the highest number of exposed EHR databases, while Apache HTTPD is the most exposed server product. Apache has plenty of known vulnerabilities that attackers can exploit, giving them access to the said data. The volume of available patient health records for sale in Deep Web marketplaces may indicate regular compromise of such systems.
Lafayette, Louisiana and Saint Paul, Minnesota have more exposed government cyber assets than the US capital, Washington DC. Firewalls make up almost half of the sector’s most exposed devices.
Houston, Texas and Lafayette, Louisiana are the top two cities with the highest number of exposed cyber assets, with firewalls (55.65%) and printers (25%) making up the bulk of them.
The US healthcare sector has the fewest exposed cyber assets compared to the other sectors, with firewalls (69.10%) being the most exposed. Despite this, however, Shodan data reveals multiple unpatched servers running in healthcare organizations.
Most exposed cyber assets in this sector are located in small cities and towns instead of big cities. Clarksville, Tennessee has the highest number of exposed assets in this sector, while wireless application protocol (WAP) is the most exposed cyber asset.
Shodan found very few exposed printers and webcams, as well as very few unpatched vulnerable servers running in the US financial sector. New York City has the highest number of exposed financial cyber assets. As with the other sectors, firewalls are the most exposed devices.
With 65,000, Philadelphia, Pennsylvania has the highest number of exposed cyber assets in the education sector. Like the rest of the sectors, printers, firewalls, and webcams made up the bulk of these exposed devices, along with multiple unpatched servers.
It must be noted that while we say ‘unsecured’ and ‘exposed’, this does not necessarily mean that the listed cyber assets are compromised; rather, they are simply poorly configured and are thus vulnerable. As such, there may still be time for the owners of these unsecured cyber assets to secure them and prevent further attacks.
For complete and detailed information on this research, as well as up-to-date and actionable steps organizations and even home users can take to better secure their networks and connected devices, you can check out our research papers below.