With the latest security news affecting major technology companies such as Veeam Backup and Western Digital, it’s clear that any company with public-facing IP addresses must take special measures to secure them. These addresses are what allow users to reach websites, applications and other online services; that same internet exposure, however, makes them an easy target for malicious actors looking to exploit system flaws. Companies must remain informed on the latest cybersecurity trends and patterns to identify potential threats and safeguard against them.
This article will focus on the public-facing IPs of Malta, a small island in the Mediterranean Sea. Despite its small size, Malta has a substantial internet presence, with many websites and online services available to inhabitants and visitors alike, owing to its strong iGaming and financial services sectors. By analysing the public-facing IPs used by these businesses, we can gain insight into the country’s overall security posture and detect potential vulnerabilities. This data may be important not just for security experts, but also for organisations and individuals who may be affected by cyber threats.
Methodology
I used publicly available sources such as “internetdb.shodan.io” and the NIST National Vulnerability Database (NVD) of CVE entries to collect data for this investigation. I didn’t need to directly scan or connect to any Maltese server.
Shodan is a search engine that indexes and catalogues internet-connected assets such as servers, routers, and IoT devices. By querying the Shodan API for every IP address allocated to Malta, I was able to identify the most prevalent types of devices and applications running behind those IPs. This data helps evaluate the overall security posture of Malta’s online infrastructure and detect potential weaknesses.
Furthermore, I searched the NIST NVD for known vulnerabilities (CVEs) affecting the identified devices and software. This enabled me to detect specific threats or vulnerabilities inside Malta’s public-facing IPs.
By merging the results from these two sources, I was able to compile a thorough overview of the public-facing IPs hosted in Malta, as well as any potential security vulnerabilities that may exist in the hosts behind those IPs.
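As an added example (not part of the original study’s tooling), here is the offline half of this pipeline in Python: it takes records shaped like the per-IP JSON that InternetDB returns, resolves each CVE against NVD-shaped CVSS data, and aggregates the host, severity and exploit-complexity figures of the kind reported in the following sections. The sample hosts, CVE ids and scores are constructed placeholders; the fall-back from CVSS v3.1 to v2 reflects that the oldest CVEs carry only v2 metrics.

```python
from collections import Counter

# Constructed sample shaped like internetdb.shodan.io/{ip} responses (hostnames,
# ports and tags omitted): TEST-NET addresses and placeholder CVE ids, not real hosts.
INTERNETDB_SAMPLE = [
    {"ip": "192.0.2.10", "cpes": ["cpe:/a:apache:http_server:2.2.3", "cpe:/a:php:php:4.4.9"],
     "vulns": ["CVE-0000-0001", "CVE-0000-0002", "CVE-0000-0003"]},
    {"ip": "192.0.2.20", "cpes": ["cpe:/a:apache:http_server:2.4.6"], "vulns": ["CVE-0000-0002"]},
    {"ip": "192.0.2.30", "cpes": [], "vulns": []},
]

# Constructed records shaped like the "cve" object of NVD API 2.0 responses: one with
# CVSS v3.1, one with CVSS v2 only (typical of 20-year-old CVEs), one unscored.
NVD_SAMPLE = {
    "CVE-0000-0001": {"metrics": {"cvssMetricV31": [{"cvssData": {
        "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackComplexity": "LOW"}}]}},
    "CVE-0000-0002": {"metrics": {"cvssMetricV2": [{"cvssData": {
        "baseScore": 7.5, "accessComplexity": "LOW"}}]}},
    "CVE-0000-0003": {"metrics": {}},
}

def v2_severity(score):
    """NVD's qualitative bands for CVSS v2, which carries no baseSeverity field."""
    return "LOW" if score < 4.0 else "MEDIUM" if score < 7.0 else "HIGH"

def cvss_of(record):
    """(score, severity, complexity) for one cve record: CVSS v3.1 first, then v2."""
    m = record.get("metrics", {})
    if m.get("cvssMetricV31"):
        d = m["cvssMetricV31"][0]["cvssData"]
        return d["baseScore"], d["baseSeverity"], d["attackComplexity"]
    if m.get("cvssMetricV2"):
        d = m["cvssMetricV2"][0]["cvssData"]
        return d["baseScore"], v2_severity(d["baseScore"]), d["accessComplexity"]
    return None  # unscored CVE: counted, never given a guessed severity

def summarise(hosts, nvd):
    """Host- and CVE-level figures of the kind reported in this article."""
    vulnerable = [h for h in hosts if h["vulns"]]
    cves = {c for h in vulnerable for c in h["vulns"]}
    by_severity, easy_critical = Counter(), set()
    for cve in cves:
        s = cvss_of(nvd.get(cve, {}))
        by_severity[s[1] if s else "UNSCORED"] += 1
        if s and s[1] == "CRITICAL" and s[2] == "LOW":  # critical and easy to exploit
            easy_critical.update(h["ip"] for h in vulnerable if cve in h["vulns"])
    return {"scanned": len(hosts), "vulnerable": len(vulnerable),
            "distinct_cves": len(cves), "by_severity": dict(by_severity),
            "critical_low_complexity_hosts": sorted(easy_critical)}

print(summarise(INTERNETDB_SAMPLE, NVD_SAMPLE))
```

In a real run the two dictionaries would be filled from live InternetDB and NVD responses, one request per IP and per CVE, with the aggregation unchanged.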
Quantitative Analysis
From the total of nearly half a million public IPs allocated to Malta, only around 33,000 were indexed by Shodan, of which 564 were flagged with at least one known vulnerability.
The two most vulnerable hosts had well over 300 vulnerabilities each, and multiple open ports, with their risk scores at the highest level. These hosts carry some of the oldest vulnerabilities, mostly in old versions of the Apache web server, PHP and SSL.
For obvious security reasons, the IPs of these hosts have been obfuscated.
The oldest vulnerabilities found were discovered and published over 20 years ago.
In this case, they affect PHP version 4 and earlier and can allow remote code execution, which is considered critical.
They have all long been patched and fixed in current releases.
Comparative data
Let’s now review some of the data comparing the different vulnerabilities and affected hosts.
Out of the 1076 different vulnerabilities found, 78 were CRITICAL. These kinds of vulnerabilities allow remote code execution, total denial of service and potential data exfiltration.
Up to 387 vulnerabilities were rated HIGH severity. These may serve as an initial entry point for further exploitation but do not necessarily allow remote code execution or pose a significant risk to data; however, they may be simple enough to cause severe business disruption through denial of service attacks or data corruption.
From the list of all vulnerabilities found, the most common were related to old versions of either the Apache server or PHP. These are common services for publicly available web pages, and keeping them updated is of utmost importance. At least 3 of the top ten vulnerabilities are classified as HIGH risk, with none of them scoring below 5.
The last graph reveals the distribution of the vulnerabilities by their criticality and by how complex they would be to exploit. As seen, at least 274 hosts (nearly 50%) have CRITICAL vulnerabilities that are easy to exploit (LOW complexity).
The graph also shows the rest of the vulnerabilities found on the same servers.
Conclusion
Vulnerabilities in public-facing IPs can pose a substantial danger to a country’s internet infrastructure security. This investigation reveals some encouraging results, as well as some areas of concern requiring immediate attention.
Overall, I found that the ratio of vulnerable hosts to scanned hosts is quite low, indicating that Malta has a healthy culture of patching and updating servers. This is a good sign for the overall security of the country’s cyber infrastructure.
However, this exercise uncovered a large number of very old and critical vulnerabilities that require immediate attention. The hosts and servers with these vulnerabilities tend to accumulate a large number of them, which indicates a lack of management and patching for many years. The companies and owners of these servers are easily identifiable, including several associated with the public sector, non-profit organisations, small and medium businesses, and several smart homes or possibly hotels equipped with security cameras and smart appliances or IoT devices.
While I cannot provide specific information about these vulnerabilities or the entities affected by them, I encourage all organisations and individuals in Malta to prioritise the security of their public-facing IP addresses and take action to address any vulnerabilities that may exist.
For those interested in the visual report, it is available for download below as a PDF.