A heat map of the internet published by information security firm Rapid7 has shown the countries most vulnerable to cybercrime.
The National Exposure Index found that the country most open to attack is Belgium, followed by Tajikistan, Samoa and Australia. For reference, the United States and the United Kingdom came in 14th and 23rd respectively on the list.
The heat map was produced using Rapid7’s Project Sonar, which scans every single public-facing IP address. This includes any web server that has port 80 open. However, the scan also covers outdated services, such as POP3, an old email protocol, and FTP, an insecure method of transferring files over the net. Eight out of 10 services are often unencrypted, which helps paint the heat map.
The report took into account the number of services offered by a server, which contributed to the amount of attack exposure to which that server was open. As an example, the report states that, if a server cannot be reached through a particular service, then the chances of an attack by cyber criminals are much reduced, as it cannot be hacked through that particular service, such as via email or FTP. The vulnerability of the server, therefore, depends on the number of services offered.
The report’s findings were unusual in that Rapid7 expected the most exposed countries to be the richest in terms of GDP, as they had the most internet access and services available. What they actually found was that there was absolutely no correlation between a country's wealth and its exposure.
Tod Beardsley, one of the report’s three authors, said of the heat map report finding: “We expected to find that the most exposed countries were also the richest. If you’re a wealthy country, you have a lot of servers and nodes. But we didn’t find any correlation between the number of nodes and the exposure.”
This potentially explains Belgium’s position right at the top of the report, Beardsley says. While the country itself has fewer servers and nodes than places like the United States, more of them are offering unsecured connections.
Beardsley hopes to repeat the heat map regularly to find out if protection against hacking is moving in the right direction. It is also expected that, by making the report public, insecure servers will go offline and connections will get encrypted.