ZIUR detects more than 25,000 exposed IP addresses in Gipuzkoa
Irun followed by Donostia-San Sebastián are the cities where most situations of this type have been discovered
ZIUR, the Industrial Cybersecurity Centre of Gipuzkoa, has detected more than 25,000 exposed IP addresses in the territory, which represent “a critical risk” for Internet users. This exposure can reveal sensitive data, such as location, and facilitate cyberattacks that can compromise the security of information stored on different devices, as explained in the ZIUR ‘Exposure Surface Report’.
Currently, Irun is the city where most devices exposed to the Internet have been detected, followed by Donostia and Arrasate. Specifically, 7,867 have been identified in Irun, 6,287 in Donostia and 3,301 in Arrasate. In Andoain, the figure rises to 2,086 exposed devices, in Eibar 1,224 and in Bergara 1,024. In the rest of the Gipuzkoan towns such as Errenteria, Zarautz, Tolosa, Hernani, Beasain, Azkoitia, Elgoibar, Oñati, Azpeitia, Hondarribia, Pasaia, Ordizia, the exposure is much lower and, even, in Lasarte-Oria and Oiartzun no exposed IP has been detected, as detailed in this document. These exposed IPs are divided mainly among nine Internet service providers.
The analysis reveals a detailed overview of the digital exposure surface in Gipuzkoa territory, where there is significant connectivity and technological diversity. The exposed devices comprise a wide variety of types and functionalities, mostly user equipment, servers, mobile or embedded devices and routers. “This scenario suggests a significant exposure of both residential and commercial infrastructures, as well as possible critical elements of the territory,” warns ZIUR in its report.
Exposed services
With regard to the different equipment identified, ZIUR has found a wide variety of services whose exposure can pose a significant danger to the affected organizations. These include remote access control services such as RDP, that is, the use of a remote desktop computer is compromised; or VNC, which is a remote connection system that allows the desktop of a device to be viewed over the network on another computer. “Both services can provide direct access to the organizations that manage them,” ZIUR points out.
Another danger detected by the Gipuzkoa Industrial Cybersecurity Center is the use of open source databases with direct access to the Internet, which can compromise the security of the information stored on the devices and therefore become “a clear target” for the different ransomware groups.
The report also includes details on the exposure surface of ports related to protocols used in industrial environments. These protocols are usually associated with production environments, which are traditionally more critical. “It is vitally important to have this visibility, so that companies can be aware of their real exposure surface and, consequently, can adopt appropriate protection and risk mitigation strategies,” says ZIUR’s general manager, María Penilla.
You can read the entire report here: https://www.ziur.eus/en/-/ziur-report-on-cyber-attack-surface-2024