
Open Directories: A Peek Into Our Research

by Sebastiaan Bosman Blog 24 Nov 2021

In our previous blog, we explained what open directories are and how they can result in a data leak. As mentioned there, we conducted research into the risks of open directories ourselves, to see the extent of the problem. We’ll go into the method and preliminary results of that research here, while leaving the most telling examples and conclusions for our webinar on Wednesday 1 December.


The Method

For the research, we used a combination of Shodan and our own Attack Surface Management (ASM) platform. Shodan is a search engine for internet-connected devices, in practically the broadest sense of the term. Our ASM platform automatically detects and maps the digital assets of an organisation by looking from the outside in. All assets are scanned for digital risks and scored accordingly, helping IT professionals prioritise the most pressing vulnerabilities in their systems.

Our main goal was to research the extent of open directories and the risk they pose, and analyse them for misconfigurations and exposed confidential data. Naturally, upholding the confidentiality of (exposed) data was a priority throughout the entire research.

We split the process into smaller parts:

  1. Check for exposure of open directories;
  2. Collect and process data;
  3. Analyse the data;
  4. Correlate the findings.

 

The Results

Geographic differences

Overall, we found 475,537 open directories during the two-month research period. As each one of those directories holds a number of folders and files, the total number of exposed files reaches well over 10 million.

Naturally, results varied geographically depending on internet use. In our research, the US had the most detected open directories: 171,587, compared to 39,447 from Germany, the runner-up in the list. After that, though, results in the top 10 varied far less, with an average of 17,132 detected open directories from countries ranging from Canada to Japan. That is still a large number of individual files vulnerable to data leaks. We will cover some of the most remarkable findings from different countries in more detail during the webinar.

Data dumps

We also detected various file types in the open directory data dumps. There were .zip files, as well as .sql, .tar, .gz, .md, .backup, and more. These data dumps are massive, with some of the compressed folders holding over 30 GB of data.

Figure: example of a data dump
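For auditing your own web servers, the sketch below (an added example, not Cybersprint's tooling) checks whether a response body is an auto-generated directory listing and flags entries with the dump file types named above. It assumes Apache/nginx-style "Index of" pages; `ListingParser`, `audit_listing` and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# File types the article lists as found in open-directory data dumps.
DUMP_EXTENSIONS = (".zip", ".sql", ".tar", ".gz", ".md", ".backup")
# Constructed sample of an Apache-style autoindex page (not real data).
SAMPLE = """<html><head><title>Index of /backups</title></head><body>
<a href="?C=N;O=D">Name</a> <a href="/">Parent Directory</a> <a href="old/">old/</a>
<a href="site%20db.SQL.gz">site db.SQL.gz</a> <a href="logo.png">logo.png</a>
<a href="www.tar">www.tar</a></body></html>"""

class ListingParser(HTMLParser):
    """Collects the <title> text and every link target on the page."""
    def __init__(self):
        super().__init__()
        self.title, self.hrefs, self._in_title = "", [], False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a" and dict(attrs).get("href"):
            self.hrefs.append(dict(attrs)["href"])

    def handle_endtag(self, tag):
        self._in_title = self._in_title and tag != "title"

    def handle_data(self, data):
        if self._in_title:
            self.title += data

def audit_listing(html):
    """Return (is_listing, subdirs, flagged_files) for one response body."""
    parser = ListingParser()
    parser.feed(html)
    # Assumption: Apache/nginx-style autoindex, whose title is "Index of <path>".
    if not parser.title.strip().lower().startswith("index of"):
        return False, [], []
    subdirs, flagged = [], []
    for href in parser.hrefs:
        parts = urlsplit(href)
        path = unquote(parts.path)
        # Skip column-sort links (empty path), parent links and off-site links.
        if not path or parts.netloc or path.startswith(("/", "..")):
            continue
        if path.endswith("/"):
            subdirs.append(path)
        elif path.lower().endswith(DUMP_EXTENSIONS):
            flagged.append(path)
    return True, subdirs, flagged
```

Any flagged file under a web root is a prompt to move the backup out of the served path and disable automatic indexing for that directory.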

 

What to expect from the webinar

In addition to extensive data dumps, we were able to detect other types of data such as leftover files and exports. Our Security Analyst Soufian El Yadmani will go over these types of findings and the different types of critical data they hold.

After examining the different kinds of data leaks and establishing the level of risk that open directories pose, we will conclude our webinar with some tips and tricks. How can you prevent similar data leaks at your organisation? Our CISO Vincent Thiele will share his insights and best practices.
