At the recent RSA Conference, Trend Micro researchers presented the results of their investigation into exposed cyber assets in the 10 largest US cities by population. They found that tens of thousands of webcams, network-attached storage devices, routers, printers, phones, media players and other devices connected via the public Internet were vulnerable to cyber attacks, putting users at risk of data theft and exposure, and of DDoS attacks. Based on the data they collected, they also found that the distribution of exposed cyber assets was not proportional to population size. The second-most populous city, Los Angeles, topped the list with approximately 4 million exposed devices online, while the most populous city, New York, came in a respectable seventh place. In terms of the types of devices and services found, firewalls were the number one exposure. In these instances, once the administrative interface of the firewall was exposed, firewall rules would be changed to allow malicious traffic into the network. The next most frequently exposed devices were webcams, routers and wireless access points, printers and PBX phones. In addition, the cities examined in the research had different concentrations of the types of devices exposed. For example, Houston and Chicago came in first and second for total exposed webcams, while San Jose led the pack in terms of exposed PBX phones.
I think this report is very interesting and should be presented to all companies in the top 10 most populous cities. It determines the devices that are most likely exposed, and therefore companies can focus on improving the security of these devices to better protect their data and systems. The good news is that Philly ranked 10th with around 0.4 million exposed devices in this research, even with the 5th largest population in the US. However, Philly was in second place according to the total number of exposed printers. Worse than that, Philly has the largest number of exposed cyber assets in the education sector. As a TU student, I feel a little insecure now.