‘Highly Sensitive’ Protocols Exposed to Public Internet, ExtraHop Warns


A significant percentage of organizations expose insecure or highly sensitive protocols, including SMB, SSH and Telnet, to the public internet, according to the latest Cyber Risk and Readiness report from network detection and response specialist ExtraHop.

According to the report, “Whether intentional or accidental, these exposures expand any organization’s attack surface by providing cyberattackers with an easy entry point into the network.”

The report goes on to say, “Since the Russian invasion of Ukraine, governments and security experts around the world have noticed a significant increase in cyberattack activity.

“The Cybersecurity and Infrastructure Security Agency (CISA) and other government agencies such as ENISA, CERT-EU, ACSC and SingCERT have strongly encouraged companies to focus on strengthening their overall security postures, starting with reducing the likelihood of a harmful cyber intrusion. A key recommendation made by these agencies is that organizations disable all unnecessary or insecure ports and protocols.”

In the new report, ExtraHop notes that it analysed enterprise IT environments to compare organizations’ cybersecurity posture based on open ports and exposure to sensitive protocols, so that security and IT teams can assess their risk posture and attack surface visibility relative to other organizations.

Key findings from the ExtraHop report include:

  • SSH is the most exposed sensitive protocol: Secure Shell (SSH) is a well-designed protocol with good cryptography for securely accessing remote devices. It’s also one of the most widely used protocols, making it a prime target for cybercriminals looking to access and control a company’s devices. Sixty-four percent of organizations have at least one device exposing this protocol to the public internet.
  • LDAP exposure is high: Lightweight Directory Access Protocol (LDAP) is a vendor-neutral application protocol that manages distributed directory information in an organized and easily queried manner. Windows systems use LDAP to look up user names in Active Directory. By default, these requests are transmitted in the clear, giving attackers the ability to discover usernames. With 41% of organizations having at least one device exposing LDAP to the public internet, this sensitive protocol presents an outsized risk factor.
  • Exposed database protocols open the door to attacks: Database protocols allow users and software to interact with databases, insert, update, and retrieve information. When an exposed device listens on a database protocol, it also exposes the database. Twenty-four percent of organizations have at least one device exposing Tabular Data Stream (TDS) to the public internet. This Microsoft database communication protocol transmits data in the clear, making it vulnerable to interception.
  • File server protocols at risk: Looking at the four types of protocols (file server protocols, directory protocols, database protocols, and remote control protocols), the vast majority of cyberattacks occur in file server protocols, which involve attackers moving files from one location to another. Thirty-one percent of organizations have at least one device exposing Server Message Block (SMB) to the public internet.
  • FTP is not as secure as it can be: File Transfer Protocol (FTP) is not a full-service file access protocol. It sends files over networks as a stream and offers virtually no security. It transmits data, including usernames and passwords, in plain text, making it easier to intercept its data. Although there are at least two secure alternatives, 36% of organizations expose at least one device using this protocol to the public internet.
  • Protocol exposure differs by industry: This indicates that different industries invest in different technologies and have different requirements for storing data and interacting with remote users. Considering all industries together, SMB was the most prevalent protocol exposed.
    In financial services, SMB is exposed in 28% of organizations.
    In healthcare, SMB is exposed in 51% of organizations.
    In the manufacturing sector, SMB is exposed in 22% of organizations.
    In retail, SMB is exposed in 36% of organizations.
    In state and local government, SMB is exposed in 45% of organizations.
    In tech, SMB is exposed in 19% of organizations.
  • Organizations continue to use Telnet: Telnet, an old protocol for connecting to remote devices, has been obsolete since 2002. Yet 12% of organizations have at least one device exposing this protocol to the public Internet. As a best practice, IT organizations should disable Telnet wherever it is on their network.
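The agencies’ recommendation above is to disable unnecessary or insecure ports and protocols, and the first step is knowing which of them a host actually offers beyond its loopback interface. The following script is an added example, not part of the ExtraHop report or its methodology: it parses `ss -Hltn`-style listener output (the sample below is constructed, not captured from any real system) and flags listeners on the well-known ports of the protocols the report discusses (FTP 21, SSH 22, Telnet 23, LDAP 389, SMB 445, TDS/MSSQL 1433) that are bound to a wildcard or non-loopback address. Whether such a listener is truly internet-facing still depends on NAT and firewalling, so the result is an upper bound to be reconciled with an external view.

```python
"""Audit listening sockets for sensitive protocols bound beyond loopback.

Added example (not from the ExtraHop report). Input format mirrors
`ss -Hltn` (headerless, listening, TCP, numeric); the sample is constructed.
"""
import ipaddress
import re
from dataclasses import dataclass

# Well-known ports of the protocols named in the report.
SENSITIVE_PORTS = {
    21: "FTP",
    22: "SSH",
    23: "Telnet",
    389: "LDAP",
    445: "SMB",
    1433: "TDS (MSSQL)",
}

# Constructed sample in `ss -Hltn` layout: State Recv-Q Send-Q Local Peer.
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128        127.0.0.1:389       0.0.0.0:*
LISTEN 0      50          10.0.0.5:445       0.0.0.0:*
LISTEN 0      128             [::]:23           [::]:*
LISTEN 0      128     203.0.113.10:1433      0.0.0.0:*
LISTEN 0      128            [::1]:21           [::]:*
LISTEN 0      4096         0.0.0.0:443       0.0.0.0:*
"""


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    protocol: str
    exposed: bool


# Local address field: either "[v6addr]:port" or "v4addr:port" (or "*:port").
LOCAL_RE = re.compile(r"^(?P<addr>\[[^\]]*\]|[^:\s]+):(?P<port>\d+)$")


def parse_local_address(field: str) -> tuple[str, int]:
    """Split an ss local-address field into (address, port)."""
    m = LOCAL_RE.match(field)
    if not m:
        raise ValueError(f"unrecognised local address field: {field!r}")
    return m.group("addr").strip("[]"), int(m.group("port"))


def is_externally_reachable(addr: str) -> bool:
    """True if the bind address could accept connections from off-host.

    Wildcard binds (*, 0.0.0.0, ::) and any non-loopback address count.
    This is an upper bound: NAT and firewall rules are not considered here.
    """
    if addr == "*":
        return True
    ip = ipaddress.ip_address(addr)
    return ip.is_unspecified or not ip.is_loopback


def audit(ss_output: str) -> list[Listener]:
    """Return one Listener per LISTEN line whose port is a sensitive protocol."""
    findings = []
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue
        addr, port = parse_local_address(parts[3])
        proto = SENSITIVE_PORTS.get(port)
        if proto is None:
            continue
        findings.append(Listener(addr, port, proto, is_externally_reachable(addr)))
    return findings


def exposed_protocols(ss_output: str) -> list[str]:
    """Sorted, de-duplicated names of sensitive protocols bound beyond loopback."""
    return sorted({f.protocol for f in audit(ss_output) if f.exposed})


if __name__ == "__main__":
    for f in audit(SAMPLE_SS_OUTPUT):
        state = "EXPOSED" if f.exposed else "local only"
        print(f"{f.protocol:12} {f.address}:{f.port:<6} {state}")
```

On a live host, feed the script the real output of `ss -Hltn`; listeners reported as local only (the LDAP and FTP entries in the sample) are the ones a firewall or bind-address change has already contained, while the remainder are candidates for disabling, restricting to a management network, or replacing with the secure alternative the report mentions.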

“Ports and protocols are essentially the doorways and corridors that attackers use to explore networks and cause damage,” said Jeff Costlow, CISO, ExtraHop.

“That’s why it’s so important to know what protocols are running on your network and what vulnerabilities are associated with them. This gives defenders the knowledge to make an informed decision about their risk tolerance and take action – such as maintaining an ongoing inventory of software and hardware in an environment, patching software quickly and continuously, and investing in tools for real-time insights and analytics – to improve their cybersecurity readiness.”

Rohan Langdon, Regional Vice President Australia and New Zealand, ExtraHop, added: “Cyber risks facing businesses continue to grow and for many organizations the challenge is exacerbated because some of their IT systems in use were deployed years ago.

“They may be monitoring aging equipment or managing core infrastructure and these could easily go unnoticed when measuring the extent of cyber risk they face. Only when an organization’s total cyber risk profile is understood, including east-west traffic and exposed ports, can a comprehensive plan for its management be designed and implemented.

“Today, governments, product developers, the business community and cybersecurity professionals all have an important role to play in ensuring that Australian organizations keep pace with the challenges faced when setting up a cybersecurity posture fit for purpose and aligned with industry regulations, Essential Eight compliance and both internal employee and external supply chain security.”
