Every day for the past seven years, a group of researchers have been meticulously scanning the entire internet, looking for patterns and anomalies and building a comprehensive internet map used for threat hunting.
The research team at Censys works extensively with Federal agencies but doesn’t always get much public attention for its highly detailed work, Matt Lembright, director of Federal applications at Censys, said during a recent MeriTalking podcast.
Yet in its 2023 State of the Internet Report, Censys identified more than 8,000 internet servers hosting potentially sensitive information, including possible credentials, database backups, and configuration files, Lembright said during the episode. Lembright, a cybersecurity expert and former U.S. Army intelligence officer, said the public along with people in the cyber field would do well to heed the findings.
“It might not get headlines that things like vulnerabilities and zero days might get, but misconfigurations – exposures that folks are seemingly unaware of or at least they might have forgotten about, is still a huge, huge problem,” he said.
“It was really not hard for our researchers to find these things, which is extremely concerning,” Lembright said. “Our assessment was it’s pretty easy for a threat actor to weaponize this … it’s much easier to walk in an unlocked door than it is to try to pick a lock or bust a door open.”
Lembright also expressed concern about Censys research findings that critical infrastructure, a top priority for the Cybersecurity & Infrastructure Security Agency, remains at risk. “We look at critical infrastructure quite a bit, and we look for things like operational technology protocols and software, and we see the same thing,” he said.
“We see water treatment plants and gas stations and all manner of different types of arguably critical infrastructure that doesn’t require a complicated phishing campaign (to attack). If there’s a door open, they don’t need to kind of sneak their way in. They just kind of walk in.”
The Censys internet report, released in April, focused in part on HTTP, or Hypertext Transfer Protocol, which encompasses various services running on the internet, including web servers, load balancers, and web-based application programming interfaces. The research found that about 18 percent of all services running HTTP on the internet were hosted in one of four major cloud providers: Amazon Web Services, Oracle Cloud, Google Cloud, or Microsoft Azure.
The dominance of major third-party providers reinforced that cloud consumers should take some ownership of cloud security. “I think of cloud providers as storage units. They’ve got some basic security around the perimeter of their property. But at the end of the day, when you get to your locker, that’s your responsibility. … It’s still your data in that cloud,” Lembright said.
Lembright, a longtime weather buff, compared the work of Censys researchers to meteorology. While predicting the weather will never be an exact science, he said it has vastly improved over time because “the more sensors you have … the more accurate they are and the more you can leverage that data at scale, the more accurate those predictions are going to get.”
Similarly, Censys has expanded and quickened its global scanning and made other changes that improve its ability to understand the internet.
“You’re never going to get to that perfect prediction,” Lembright added, “… but the more we can understand those patterns … I think we can start to piece together not only what did the internet look like but why does it matter to look at the internet, … and what does that mean for our day to day lives.”