Over a million corporate file-shares are exposed to attacks
Vulnerable SMB ports could lead to a second WannaCry outbreak, say experts
Vast numbers of companies are leaving their corporate networks exposed, experts have revealed, raising the risk of a second WannaCry-style malware outbreak.
The National Exposure Index report, compiled by security firm Rapid7, found internal file-sharing services reachable on over one million unsecured endpoints, potentially exposing business-critical systems and data to external attackers.
The vast majority of the vulnerable endpoints observed by Rapid7 - more than 800,000, in fact - were Windows systems speaking the server message block (SMB) protocol. A flaw in Microsoft's implementation of this protocol was one of the main reasons behind the swift and prolific spread of the WannaCry ransomware earlier this year, which used it to propagate from host to host across the internet.
Running a scan for SMB's port, TCP 445, revealed over 5.5 million responsive nodes, and Rapid7 warned that stopping SMB from being publicly addressable could go a long way towards preventing the spread of attacks similar to WannaCry in the future.
However, the report did note some areas of improvement. Belgium, last year's most exposed country, did not even make the top 50 in 2017's report after 250,000 publicly exposed servers had their access culled.
Similarly, telnet exposure fell by 33%. This was judged to be partly the result of ISPs blocking access to port 23 in response to the Mirai botnet, although Rapid7 also noted that it was likely due in part to nodes being knocked offline by Mirai itself.
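The report's practical advice in the two passages above is to find out whether your own addresses answer on SMB (TCP/445) or telnet (TCP/23) and to block those ports at the network edge. The script below is an added example, not code from Rapid7 or the original article: it probes a list of hosts for those two ports in parallel and lists the hosts that need firewalling. Because it has to run offline, a local listener on 127.0.0.1 stands in for an exposed host and a freshly released ephemeral port stands in for a closed one; both are constructed for the demo. The host list, the `probe`/`scan`/`hosts_to_firewall` names and the timeout values are all assumptions of this example.

```python
"""Exposure check for the two services the article singles out: SMB on TCP/445
and telnet on TCP/23.  Added example, not code from Rapid7 or the original
article.  Given a list of your own public addresses, it reports which of them
answer on those ports so they can be firewalled.  A local listener on 127.0.0.1
stands in for an exposed host so the script can be run offline.
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Services the National Exposure Index report flags as dangerous on the public internet.
EXPOSED_SERVICES = {445: "smb", 23: "telnet"}


def probe(host, port, timeout=2.0):
    """Return True if a TCP handshake to host:port completes within timeout.

    A completed handshake means something is listening and reachable from this
    vantage point; refused or timed-out connections count as not exposed.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan(hosts, services=EXPOSED_SERVICES, timeout=2.0, workers=32):
    """Probe every host for every service in parallel.

    Returns {host: sorted list of exposed service names}; an empty list means
    the host answered on none of the ports.
    """
    results = {host: [] for host in hosts}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        jobs = {
            pool.submit(probe, host, port, timeout): (host, name)
            for host in hosts
            for port, name in services.items()
        }
        for job, (host, name) in jobs.items():
            if job.result():
                results[host].append(name)
    return {host: sorted(names) for host, names in results.items()}


def hosts_to_firewall(results):
    """Hosts that expose at least one flagged service, i.e. the ones to block at the edge."""
    return sorted(host for host, names in results.items() if names)


def start_fake_listener(host="127.0.0.1"):
    """Open a local TCP listener on an ephemeral port to simulate an exposed service.

    Constructed for the offline demo.  Returns (server_socket, port); close the
    socket to stop it.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((host, 0))
    server.listen(5)

    def serve():
        while True:
            try:
                conn, _ = server.accept()
                conn.close()
            except OSError:
                break  # server socket closed

    threading.Thread(target=serve, daemon=True).start()
    return server, server.getsockname()[1]


def unused_port(host="127.0.0.1"):
    """Reserve and release an ephemeral port so we have a port with nothing listening."""
    probe_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe_sock.bind((host, 0))
    port = probe_sock.getsockname()[1]
    probe_sock.close()
    return port


if __name__ == "__main__":
    # Constructed demo: one "exposed" local port standing in for SMB, one closed port for telnet.
    server, open_port = start_fake_listener()
    services = {open_port: "smb", unused_port(): "telnet"}
    report = scan(["127.0.0.1"], services, timeout=1.0)
    print(report)                      # {'127.0.0.1': ['smb']}
    print(hosts_to_firewall(report))   # ['127.0.0.1']
    server.close()
```

Run it against real addresses by passing your public IPs to `scan()` with the default `EXPOSED_SERVICES`, from a vantage point outside your own network; a host that turns up in `hosts_to_firewall()` is answering on 445 or 23 to the whole internet, which is exactly the condition the report counts as exposure. The check is a plain TCP handshake, so it tells you a service is reachable, not which software or SMB dialect is behind it.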
Zimbabwe, Hong Kong and Samoa topped this year's list of the most exposed countries. The UK came in at number 37, despite having the world's fourth-largest allocation of IPv4 addresses.
"The UK's position at #37 on the National Exposure Index is reflective of the fact that while it is generally in line with similar nations' exposure, the UK has an uncomfortably high exposure rate of qualified SMB," Rapid7 said as part of the report. "IT administrators and internet service providers in the UK would do well to review what is both allowed and expected to be available on the internet."