Over 60% of Organizations Expose SSH to the Internet

A majority of global organizations are exposing sensitive and insecure protocols to the public internet, potentially increasing their attack surface, according to ExtraHop.

The vendor analyzed a range of enterprise IT environments to benchmark cybersecurity posture based on open ports and sensitive protocol exposure.

It found that 64% of those studied have at least one device exposing SSH, which could allow attackers to probe it for remote access.

The research also revealed that over a third (36%) of organizations are exposing at least one device via the insecure file transfer protocol (FTP), which sends files in plain text, meaning they can be easily intercepted.

Over two-fifths (41%) had at least one device exposing LDAP, which looks up usernames in Active Directory. The protocols transmits queries in plain text, potentially putting credentials at risk.

Astonishingly, ExtraHop also found that 12% of organizations still have at least one device exposing Telnet to the public internet, even though the remote connectivity protocol has been deprecated since 2002.

SMB, which was famously targeted by WannaCry and other attacks, is another common security risk for enterprises. Over half (51%) of healthcare and 45% of SLED organizations had multiple devices exposing the protocol.

ExtraHop CISO Jeff Costlow branded ports and protocols “the doors and hallways” which attackers use to explore networks and launch attacks.

“That’s why knowing which protocols are running on your network and what vulnerabilities are associated with them is so important,” he added.

“This gives defenders the knowledge to make an informed decision about their risk tolerance and take actions – such as maintaining a continuous inventory of software and hardware in an environment, patching software quickly and continuously, and investing in tools for real-time insights and analysis – to improve their cybersecurity readiness.”