
Profiling Exposed Cyber-Infrastructure in Cities in the United States

A comprehensive study of SHODAN's US scan data reveals the extent of cyber infrastructure exposure in the top 10 US cities. Discover the risks, exposed devices, and communication protocols in use.

jennettej


Presentation Transcript


  1. Profiling Exposed Cyber-Infrastructure in Cities in the United States (SBX3-W3)
     • Numaan Huq, Senior Threat Researcher, Trend Micro, @nmnhuq
     • Stephen Hilt, Senior Threat Researcher, Trend Micro, @sjhilt

  2. Who are we?

  3. SHODAN
     • Google, Bing, and Yahoo! are great for finding data and websites, but provide little or no information about Internet-connected devices
     • Shodan queries all manner of Internet-connected devices, then collates the device metadata it collects and makes it searchable
     • Trend Micro partnered with Shodan to study just how widely exposed US-based cyber infrastructure is on the Internet

  4. Exposed Cyber-Infrastructure Research Overview

  5. SHODAN Data Analysis
     • We studied the Shodan US scan data set for February 2016
     • The US has the largest number of Internet-exposed devices in the world
     • The Shodan crawler takes ~3 weeks to scan the entire IPv4 address space
     • A total of 178M+ records were generated from scanning 45M+ unique IPv4 and 256K+ unique IPv6 addresses
     • Raw data was imported into Elasticsearch and queried using Kibana
     • 550+ searchable fields in Kibana vs. 40+ searchable fields in Shodan’s web interface

  6. Why are Devices Exposed?
     • Incorrectly configured network that allows direct device access
     • Devices need to be connected to the Internet to function correctly
     • Remote access enabled on the devices for remote troubleshooting
     • Remote access enabled on the devices for remote operations
     • Certain classes of devices (e.g. medical devices, ICS/SCADA, etc.) should NEVER be directly connected to the Internet!

  7. Risks of Device Exposure

  8. Who is Attacking?
     • Nation states
     • Criminal syndicates
     • Cyber terrorists
     • Competitors
     • Insiders
     • Hacktivists
     • Script Kiddies

  9. Exposed Cyber Infrastructure in Top 10 US Cities

  10. Exposure Statistics
     • Exposed Cyber Assets in Top 10 Largest US Cities

  11. Exposed Devices & Products
     • Top 20 Exposed Device Types
     • Top 20 Exposed Products

  12. Exposed Webcams
     • Exposed Webcams: Count
     • Exposed Webcams: Products

  13. Exposed Routers
     • Exposed Routers: Count
     • Exposed Routers: Products

  14. Exposed Media Devices
     • Exposed Media Devices: Count
     • Exposed Media Devices: Products

  15. Exposed Databases
     • Exposed MongoDB
     • Exposed MS-SQL
     • Exposed MySQL
     • Exposed PostgreSQL

  16. Exposed Medical Databases
     • Exposed EHR & EMR Server: Locations
     • Exposed EHR & EMR Server: Products
     • Exposed PACS: Locations
     • Exposed PACS: Products

  17. Exposed Communication Protocols

  18. Exposed UPnP/SSDP
     • Exposed UPnP/SSDP: Count
     • Exposed UPnP/SSDP: Products

  19. Exposed SNMP
     • Exposed SNMP: Count
     • Exposed SNMP: Products

  20. Exposed SSH
     • Exposed SSH: Count
     • Exposed SSH: Device Types

  21. Exposed RDP
     • Exposed RDP: Count
     • Exposed RDP: Products

  22. Exposed Telnet
     • Exposed Telnet: Count
     • Exposed Telnet: Device Types

  23. Exposed FTP
     • Exposed FTP: Count
     • Exposed FTP: Device Types

  24. Exposed NTP

  25. Exposed CWMP (aka TR-069)

  26. Exposed Industrial Control Systems (ICS)

  27. Exposed HMIs (1/2)

  28. Exposed HMIs (2/2)

  29. Exposed Modbus
     • Modbus: Top 10 Locations
     • Modbus: Exposed Products

  30. Exposed BACnet
     • BACnet: Top 10 Locations
     • BACnet: Exposed Products

  31. Exposed EtherNet/IP
     • EtherNet/IP: Top 10 Locations
     • EtherNet/IP: Exposed Products

  32. Exposed Tridium Fox
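
Added example, not part of the presentation: slide 5 reports 178M+ records for 45M+ unique IPv4 addresses, so per-city exposure counts must collapse repeat scans of the same host. The sketch below tallies unique hosts per city and protocol from Shodan-style JSON records for an asset owner reviewing their own address space; mapping protocols by default port, the function names, and the sample records are assumptions made here.

```python
import json
from collections import defaultdict

# Default ports for protocols named in the slides. Classifying by
# (port, transport) is an assumption of this example, not the deck's method.
PORT_PROTOCOL = {
    (21, "tcp"): "FTP", (22, "tcp"): "SSH", (23, "tcp"): "Telnet",
    (123, "udp"): "NTP", (161, "udp"): "SNMP", (1900, "udp"): "UPnP/SSDP",
    (3389, "tcp"): "RDP", (7547, "tcp"): "CWMP", (502, "tcp"): "Modbus",
    (47808, "udp"): "BACnet", (44818, "tcp"): "EtherNet/IP",
    (1911, "tcp"): "Tridium Fox",
}
ICS = {"Modbus", "BACnet", "EtherNet/IP", "Tridium Fox"}

# Constructed sample records (documentation address ranges, arbitrary cities).
SAMPLE = """\
{"ip_str": "192.0.2.10", "port": 23, "transport": "tcp", "location": {"city": "Houston"}}
{"ip_str": "192.0.2.10", "port": 23, "transport": "tcp", "location": {"city": "Houston"}}
{"ip_str": "192.0.2.44", "port": 502, "transport": "tcp", "location": {"city": "Houston"}}
{"ip_str": "198.51.100.7", "port": 47808, "transport": "udp", "location": {"city": "Chicago"}}
{"ip_str": "198.51.100.9", "port": 80, "transport": "tcp", "location": {"city": "Chicago"}}
{"ip_str": "203.0.113.5", "port": 1911, "transport": "tcp", "location": {"city": null}}
truncated-record
"""

def profile(lines):
    """Map city -> protocol -> set of unique IPs; skip bad or unmapped records."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in filter(None, map(str.strip, lines)):
        try:
            rec = json.loads(line)
            key = (int(rec["port"]), rec.get("transport"))
            ip = rec["ip_str"]
            city = (rec.get("location") or {}).get("city") or "unknown"
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # malformed line or missing/ill-typed field
        proto = PORT_PROTOCOL.get(key)
        if proto:  # ports outside the table (e.g. 80) are not counted
            seen[city][proto].add(ip)
    return seen

def exposure_counts(lines):
    """Unique exposed hosts per city and protocol (repeat scans collapse)."""
    return {c: {p: len(ips) for p, ips in ps.items()}
            for c, ps in profile(lines).items()}

def ics_hosts(lines):
    """Sorted (city, protocol, ip) tuples for ICS protocols, to review first."""
    return sorted((c, p, ip) for c, ps in profile(lines).items()
                  for p, ips in ps.items() if p in ICS for ip in ips)
```

Records with no city fall into an "unknown" bucket rather than being dropped, so hosts with missing geolocation still appear in the ICS review list.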
