"Over 60% of Organizations Expose SSH to the Internet"

Security researchers at ExtraHop have found that most global organizations are exposing sensitive and insecure protocols to the public internet, potentially increasing their attack surface. The researchers analyzed a range of enterprise IT environments to benchmark cybersecurity posture based on open ports and sensitive protocol exposure. They found that 64% of the organizations studied have at least one device exposing SSH, which could allow attackers to probe it for remote access. The researchers also found that over a third (36%) of organizations are exposing at least one device via the insecure file transfer protocol (FTP), which sends files in plain text, meaning they can be easily intercepted. Almost half (41%) had at least one device exposing LDAP, which looks up usernames in Active Directory. The protocol transmits queries in plain text, potentially putting credentials at risk. Astonishingly, the researchers also found that 12% of organizations still have at least one device exposing Telnet to the public internet, even though the remote connectivity protocol has been deprecated since 2002. The researchers noted that SMB is another common security risk for enterprises and was targeted by WannaCry and other attacks in the past. Over half (51%) of healthcare organizations and 45% of SLED organizations had multiple devices exposing this protocol.

 

Infosecurity reports: "Over 60% of Organizations Expose SSH to the Internet"

Submitted by Anonymous on