Censys Introduces Inaugural State of the Internet Report

Today, Censys, the leader in Attack Surface Management (ASM), launched its inaugural State of the Internet Report, a holistic view into Internet risks and organizations’ exposure to them. This first-of-its-kind report also provides perspective on how security practitioners addressed several vulnerabilities over the last eighteen months, while offering organizations guidance for how to prioritize and evaluate the security maintenance of their Internet-connected business assets.

The inaugural report compiled by the Censys research team is informed by the firm’s technology, which maintains the most comprehensive view of assets on the Internet by continuously scanning the public IPv4 address space across the 3,600+ most popular ports. The Censys research team’s mission is to conduct timely and critical research of Internet exposures and enable the broader cybersecurity community to take quick actions that mitigate future issues.

Through careful examination of which ports, services, and software are most prevalent on the Internet and the systems and regions where they run, Censys’ research team discovered that misconfigurations and exposures represent 88% of the risks and vulnerabilities across the Internet. Using Censys’ Internet-wide scan capabilities and risk detection fingerprints, the State of the Internet Report provides visibility of the assets and weaknesses across an organization’s Internet infrastructure in three sections: the Internet as a Whole, the Attack Surface of the Internet, and the Attack Surfaces of Organizations.

“Assessing the state of the Internet is crucial in understanding an organization’s own risks and exposures,” said Zakir Durumeric, Co-Founder and Chief Scientist of Censys. “Censys’ unique perspective of the Internet provides a holistic look into the potential consequences of misconfigurations, while outlining security teams’ crucial need for expanded visibility and understanding to make smart security decisions.”

Censys’ 2022 State of the Internet Report found that:

• Misconfigurations – including unencrypted services, weak or missing security controls and self-signed certificates – make up roughly 60% of observed risks. When analyzing the risk profile of organizations across industries, missing common security headers accounted for the primary security error.
• Exposures of services, devices, and information represent 28% of observed risks. This includes everything from accidental database to device exposures.
• Critical vulnerabilities and advanced exploits only represent 12% of observed risks. When analyzing organizations by industry, the Computer and Information Technology industry had the widest spread of different risks, while Freight Shipment and Postal Services had the second widest.

Censys’ researchers also conducted a holistic assessment of the Internet’s response to three major vulnerabilities – Log4j, GitLab and Confluence – to understand mitigation strategies based on how a vulnerability is perceived. From this analysis, Censys learned how the Internet responds differently to vulnerability disclosures.

Also Read: Top 4 Strategies to Prevent the Active Directory (AD) from Cyber Threats and Risks  

Censys observed three distinct types of behavior in response to vulnerability disclosures:

• Near-immediate upgrading: Systems vulnerable to Log4j acted quickly based on the widespread coverage of the vulnerability. By March 2022, Censys observed only 36% of potential vulnerable services were left unpatched.
• Upgrading only after the vulnerability is being actively and widely exploited: While the GitLab vulnerability was being exploited, the remediation process acted slower than others until researchers discovered a botnet composed of thousands of compromised GitLab servers participating in DDoS campaigns.
• Near-immediate response by taking the vulnerable instance off the Internet entirely: Rather than upgrading, users chose to remove assets entirely from the Internet after Confluence’s vulnerability became public between June 2021 and March 2022.

The Internet constantly evolves as new technologies emerge, vulnerabilities are discovered, and organizations expand their operations that interact with the Internet. Security teams have the responsibility to protect their organizations’ digital assets and need proper visibility into the entire landscape to do so. Although vulnerabilities often garner the bigger headlines, it’s undetected misconfigurations and exposures that create the most risk for an organization, making it important to regularly assess any new hosts or services that appear in your infrastructure. Regardless of vulnerability type, providing organizations with the visibility and tools needed to strengthen their security posture introduces a proactive, more vigilant approach to digital risk management.