There are millions upon millions of systems on the internet that offer services that should not be exposed to the public network, and Rapid7 has determined which countries are the most exposed and therefore the most hackable.

Using Project Sonar, Rapid7 set out to understand the overall internet threat exposure in general and at a country level. In the new research paper, exposure is defined “as offering services that either expose potentially sensitive data over cleartext channels or are widely recognized to be unwise to make available on the internet.”

The report noted: “While there are 65,535 possible listening ports for every IP-addressable endpoint on the internet, we are concerned primarily with a sampling of the ‘most popular’ TCP ports on the internet.” The researchers took the 30 “most popular” TCP ports and performed cross-country comparisons to come up with a National Exposure Index.

Below is a small sample of Rapid7’s findings.

The table on the left shows the top regions that have devices listening on all of the 30 most prevalent TCP services. There was no “double dipping,” as a node in the “30 ports exposed” category had all 30 scanned ports exposed and was not in any other port-count category. The table on the right shows a small portion of the national exposure index, the most exposed nations with insecure services—the most hackable countries.

Notice that the U.S. has a ridiculously high number of devices listening on all 30 ports examined in this study, landing in the top spot with over 43 million servers or devices exposing every port combination in the Sonar study. Yet it ranked at 14 in the exposure table for offering insecure services. China had considerably fewer devices listening on 30 ports, over 11 million, yet came in fifth for most hackable country. It's doubtful that many people taking a wild guess at the most exposed country would have said Belgium.

Rapid7 found a “correlation between the GDP of a nation, overall internet ‘presence’ in terms of services offered, and the exposure of insecure, cleartext services.” The report explained, “By surveying available services on the internet, and grouping by geolocated IP address, we can see that, in general, there is some correlation between internet connectivity and a region’s overall economic strength as expressed by GDP.”

Of the 30 ports scanned by Rapid7, below are the top 20 ports and protocols.

Sadly, most services are unencrypted even though it is possible to enable encryption on some of the protocols. Rapid7 called the lack of encryption for most services “worrisome for any standards or enforcement body charged with keeping up a reasonable security profile for an organization.”

HTTP, port 80, and HTTPS, port 443, make up a little less than a third of all the service ports on the internet. SSH is the third most-common service, with its insecure counterpart Telnet being the seventh most-common service. Rapid7’s scan found nearly 15 million devices still use Telnet services. Additionally, the report noted that “non-web-based access to email (via cleartext POP or IMAP protocols) is still the norm versus the exception in virtually every country.”

11.2 million nodes offer direct access to relational databases. The researchers’ scan counted 7.8 million MySQL databases and 3.4 million Microsoft SQL Server systems, but the study did not include ports for PostgreSQL and OracleDB. “United States, China, Hong Kong, Belgium, Australia and Poland expose 75 percent of discovered Microsoft SQL nodes. Those same countries expose 67 percent of MySQL nodes,” according to the report.

Some of the facts that are in the full report but that you don’t see in the above sampling include 5.4 million unencrypted Microsoft Remote Procedure Call services exposed via port 135. A whopping “4.7 million systems expose one of the most commonly attacked ports used by Microsoft systems, 445/TCP.” When scanning port 5000, 4.5 million Universal Plug and Play services were exposed, and another 4.5 million printer services were exposed via port 9100.

Rapid7’s National Exposure Index report concluded:

These results all speak to a fundamental failure in modern internet engineering. Despite calls from the Internet Architecture Board, the Internet Engineering Task Force, and virtually every security company and security advocacy organization on Earth, compulsory encryption is not a default, standard feature in internet protocol design. Cleartext protocols “just work,” and security concerns are doggedly secondary.

This state of affairs cannot last for much longer without dire consequences for the world’s largest economies. It is difficult to imagine a future where healthy, robust economies make less use of the internet, rather than more. Recall that since the internet was effectively standardized on TCP/IP in 1982, 40 percent of the world’s population now uses the internet directly on a regular basis, and virtually everyone is indirectly dependent on the internet’s functionality.

The internet is far too important an engine of economic growth and stability to leave to legacy, security-optional services. With the race towards an IoT-dominated future well underway, we must rethink how we design, deploy, and manage our existing infrastructure.

You can grab a copy of the report here and read Rapid7's blog post about the new research here.
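To make the methodology above concrete, here is an added example (not Rapid7's code, and not the report's actual index formula) that buckets hosts by how many of a surveyed port list they expose, with each host landing in exactly one bucket as the "no double dipping" rule requires, and tallies per-country cleartext exposure; the port list covers only the services the article names, and the host records are constructed sample data such as an organization might build from its own external scan.

```python
"""Bucket scanned hosts by how many surveyed ports they expose, and tally
cleartext services per country. Constructed sample data; the surveyed port
list below is only the subset of the study's 30 ports named in the article."""
from collections import Counter, defaultdict

# Port -> service label (assumed from the article's descriptions and IANA
# assignments; the study's full 30-port list is not reproduced on the page).
SCANNED_PORTS = {22: "ssh", 23: "telnet", 80: "http", 110: "pop3", 135: "msrpc",
                 143: "imap", 443: "https", 445: "smb", 1433: "mssql",
                 3306: "mysql", 5000: "upnp", 9100: "printer"}
# Services that carry data unencrypted by default (SSH and HTTPS excluded).
CLEARTEXT = set(SCANNED_PORTS.values()) - {"ssh", "https"}

# Constructed sample: (country code, set of open TCP ports seen on one host).
SAMPLE_HOSTS = [
    ("US", set(SCANNED_PORTS)),   # every surveyed port answers
    ("US", {22, 443}),            # encrypted services only
    ("US", {80, 443, 3306}),
    ("BE", {23, 110, 143}),       # telnet plus cleartext mail
    ("BE", set(SCANNED_PORTS)),
    ("CN", {80, 1433, 445, 8080}),  # 8080 is outside the survey, so ignored
]

def port_count(open_ports):
    """How many surveyed ports a host exposes; unsurveyed ports are ignored."""
    return sum(1 for p in open_ports if p in SCANNED_PORTS)

def nodes_by_port_count(hosts):
    """country -> {port_count: number of hosts}. A host is counted in exactly
    one bucket, so the 'all ports exposed' bucket never overlaps another."""
    buckets = defaultdict(Counter)
    for country, ports in hosts:
        buckets[country][port_count(ports)] += 1
    return buckets

def cleartext_nodes(hosts):
    """country -> hosts exposing at least one cleartext service, plus a
    global per-service tally (one count per host per service)."""
    per_country, per_service = Counter(), Counter()
    for country, ports in hosts:
        exposed = {SCANNED_PORTS[p] for p in ports if p in SCANNED_PORTS} & CLEARTEXT
        if exposed:
            per_country[country] += 1
        per_service.update(exposed)
    return per_country, per_service

if __name__ == "__main__":
    every_port = len(SCANNED_PORTS)
    for country, counts in nodes_by_port_count(SAMPLE_HOSTS).items():
        print(country, "hosts exposing all surveyed ports:", counts[every_port])
    print(cleartext_nodes(SAMPLE_HOSTS))
```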