Cities Exposed in Shodan
Western European, UK, French, German, and US cities exposed. Are your connected devices searchable on the internet? Find out what you are risking.
Shodan Reveals Exposed Cyber Assets
Using Shodan data, the Trend Micro Forward-looking Threat Research (FTR) team assessed which types of cyber assets found in cities across the globe are the most exposed. When a cyber asset like a webcam or a printer is searchable, threat actors can look for means to compromise the device or find out whether the device itself or its software version is known to be vulnerable. Affected parties can use the results of our research to justify investments such as the implementation of the necessary security measures that will better protect their data and assets from future compromise.
What is Shodan?
Shodan is an online search engine that catalogs cyber assets or internet-connected devices. Shodan finds and lists devices and systems such as webcams, baby monitors, medical equipment, industrial control system (ICS) devices, home appliances, and databases, among others. Shodan collates and makes searchable both device metadata and banner information that internet-connected devices and systems are freely sharing over the public internet—and with anyone who queries them.
What are exposed cyber assets?
We define “exposed cyber assets” as internet-connected devices and systems that are discoverable on Shodan or similar search engines, and can be accessed via the public internet. When a certain device or protocol is exposed, it does not necessarily mean that the cyber asset is automatically vulnerable or compromised.
However, since an exposed device is searchable and visible to the public, attackers can take advantage of the available information on Shodan in order to mount an attack. For instance, an attacker may check if the associated software of a device is vulnerable, or if the admin console’s password is easy to crack.
Cities Exposed Worldwide
We looked at several developed countries to see whether exposure levels differ from one country to another, and in what ways. We have been able to analyze the exposed cyber assets in the United States, Western Europe as a region, the United Kingdom, France, and Germany.
We presented data on exposed cyber assets in the top 10 most populous cities in Western Europe—London, Berlin, Athens, Madrid, Rome, Paris, Stockholm, Oslo, Amsterdam and Lisbon. London and Berlin had more than 2.5 million exposed systems while Amsterdam and Madrid had numbers in the region of a million.
We presented data on exposed cyber assets in the top 10 largest U.S. cities by population—New York City, Los Angeles, Chicago, Houston, Philadelphia, Phoenix, San Antonio, San Diego, Dallas, and San Jose. Los Angeles, Houston, Chicago, and Dallas each had more than 2 million exposed cyber assets that make them vulnerable to exploitation and compromise.
For each research project, we answered the following questions:
- Which capital or city has the largest number of exposed cyber assets?
- What are the most common connections, operating systems, and exposed and vulnerable products/software and device types in this country/region?
Then for each capital or city, we drilled down to analyze:
- Different exposed device types such as webcams, network-attached storage (NAS) devices, routers, printers, Voice over IP (VoIP) phones, and media recording devices
- Different exposed web services like email databases and other database types like MySQL, PostgreSQL, CouchDB, and MongoDB
- Different exposed services like NTP, UPnP, SNMP, SSH, RDP, Telnet, and FTP
Lastly, we also went into detail about what home office owners and enterprise network defenders can do to safeguard their networks from attacks that different threat actors can launch.