The Censys research team identified 8,000 servers hosting potentially sensitive information discoverable by its Web Entities solution now generally available for customers
ANN ARBOR, Mich., April 19, 2023 /PRNewswire/ -- Today, Censys, the leading internet intelligence platform for threat hunting and exposure management, announced its 2023 State of the Internet Report. This year's report focuses on web-based vulnerability and HTTP services across the internet, and now, Censys is making its solution for managing Web Entities within its Exposure Management platform generally available.
Snapshot of all hosts running an HTTP service from February 28, 2023 (generated via kepler.gl)
Using Censys' industry-leading global scanning engine, the 2023 State of the Internet Report provides visibility into the assets and weaknesses across organizations' internet infrastructure divided into three sections: HTTP services, certificates, and the attack surfaces of the internet. Censys leveraged their internet-wide scan data to better understand the applications and services that have become core to our existence, evaluating the state of security on the modern internet. Through careful analysis, Censys observed over 740 million hosts running 1.3 billion HTTP services of some variety. This comprises 165 million "unnamed" hosts only accessible by bare IPv4 addresses, and over 570 million named or "virtual hosts" that can also be accessed by a hostname.
Censys' 2023 State of the Internet Report found that:
While misconfigurations don't often make headlines, they remain a major problem. Censys researchers identified over 8,000 hosts on the internet misconfigured to expose open directories containing potentially sensitive data, such as database information, backup files, passwords, Excel worksheets, environment variables, and even some SSL and SSH private keys. Exposure of these types of data in such an accessible manner can offer threat actors an easy way into an organization's network.
Nearly 60% of all HTTP services observed are not protected by Transport Layer Security (TLS). This means traffic to and from these sites is unencrypted and susceptible to eavesdropping and man-in-the-middle attacks.
Over 40,000 unauthenticated Prometheus servers, intended to monitor the network health of over 219,000 endpoints, are exposed to the internet. This tooling could provide would-be threat actors with detailed reconnaissance and network mapping abilities.
The widespread use of web servers that have a known history of vulnerabilities or have reached end-of-life on unnamed hosts, including certain software that has been linked to recent critical infrastructure attacks, suggests concerning security practices.
"Between the increasing scarcity of IP addresses, the growing popularity of HTTP and TLS as common middleware protocols, and the widespread adoption of cloud, named services now far outnumber IP-identified services on the internet. This evolution means that an increasing fraction of every organization's internet exposure is only visible by scanning known names of services and checking potentially vulnerable endpoints," said Zakir Durumeric, Co-Founder and Chief Scientist of Censys. "Censys is the only company to provide global visibility into both IP-based and name-based internet exposure. In this year's report, we're excited to discuss how internet exposure is evolving and to launch our new Web Entities service to help companies understand their entire attack surface, including web-based exposure."
Censys' new Web Entities solution leverages powerful, industry-leading intelligence by continuously discovering and monitoring external web inventory for insecure and misconfigured websites, Elasticsearch instances, Kubernetes clusters and Prometheus endpoints exposed to the internet. Access to this data is critical to ensure organizations have complete visibility into both known and unknown assets, giving security teams the ability to identify and remediate threats as quickly as possible.
There are indicators that the state of internet security is moving in a positive direction. However, opportunities for threat actors to disrupt the security of our online presence remain; misconfigurations, outdated and vulnerable software, and improperly exposed API endpoints are just some of the weaknesses threat actors can leverage to exploit organizations' online systems.
To learn more about Censys' approach to organizational visibility, visit: https://www.censys.io.
About Censys Censys, Inc.™ is the leading Internet Intelligence Platform for Threat Hunting and Exposure Management. Founded in 2013 in Ann Arbor, Michigan, Censys gives organizations the world's most comprehensive real-time view of global networks and devices. Customers like Google, Cisco, Microsoft, Samsung, NATO, Swiss Armed Forces, the U.S. Department of Homeland Security, Cybersecurity & Infrastructure Security Agency, and over 51% of the Fortune 500 rely on the company's Exposure Management solution for a real-time, contextualized view into their internet and cloud assets. At Censys, you can be yourself. We like it that way. Diversity fuels our mission, and we are committed to inclusion across race, gender, age and identity. To learn more, visit censys.io and follow Censys on Twitter.
SOURCE Censys
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Share this article