London and Berlin have emerged as the two European cities most exposed to potential cyber-attacks, according to a new study from Trend Micro.
The security giant ran a Shodan search on over 2.7m unique IP addresses in the region to compile its latest report Exposed Cities: Western European Capitals.
It found 2.8 million exposed cyber-assets in Berlin and 2.5 million in London. These assets include webcams, routers, printers, NAS devices, web and email servers and much more.
While being exposed to the public internet doesn’t indicate these devices will definitely be compromised, it does give hackers a good chance to remotely probe them for vulnerabilities.
However, Trend Micro claimed the results were in line with expectations, as both UK and German capitals are known as tech hubs which play host to a large number of ISPs.
It had the following:
“When exposure is calculated based on per capita, places such as Amsterdam, Berlin, and Lisbon proportionally had significantly higher exposure levels than other cities. Conversely, some cities such as Paris, Athens, and Rome where we expected to see much higher per capita numbers did not have high exposure levels.”
Webcams were the most commonly exposed type of device — with 3,050 in London alone — and NAS devices came second. London also topped the UK in terms of exposed web and email services and routers.
Trend Micro cybersecurity architect, Simon Edwards, urged IT departments to focus their efforts on IoT security.
“This starts with ensuring that each connected device has a complex password. A staggering number of businesses allow passwords to remain as default, but with hackers armed with the information to crack them in seconds, these devices might as well not be password protected at all. This shouldn’t be the only form of authentication needed; businesses should adopt multi-factor authentication, with additional biometrics,” he told Infosecurity.
“IT departments also need to take into account how often a device manufacturer patches the device when making a buying decision, and ensure that they are installing software updates when they come through. Perhaps the most important is the need to educate staff on the risks that IoT brings — reinforcing the use of complex passwords, being wary of emails from unknown senders, and not handling company IP on personal devices can go a long way.”