Cyber attackers have been quick to exploit the Heartbleed OpenSSL bug, to the tune of hundreds of thousands of attacks per day in the week after the public revelation of its existence, statistics shared in the latest quarterly IBM X-Force Threat Intelligence report have shown.
“Much emphasis has been placed on preparing for and mitigating zero-day attacks, but in the case of Heartbleed, a more interesting study occurs after disclosure, when both attackers and enterprises are racing against the clock,” noted Leslie Horacek, threat response manager for the IBM X-Force security research group.
“IBM’s Managed Security Services (MSS) witnessed attackers immediately retooling and exploiting the bug on a global scale,” she shared, and attacks came fast and thick.
Less than two weeks later, the number of attacks attempting to exploit the bug has dropped considerably, but is still significant. “MSS sees an average of 7,000 attacks per day across a large attack surface,” it is noted in the report (registration required).
“There were many lessons learned from the Heartbleed attacks,” the researchers point out. “Organizations that had struggled to maintain a current asset database were left blind to which systems were vulnerable and which systems were critical. Even if they had an incident response plan, they needed an up-to-date asset database in order to deploy it.”
Mitigation techniques, such as using firewalls to block the bulk of the attacks and deploying intrusion detection and prevention devices, can help reduce the risk until a patch can be deployed.
The vendors of affected software may also offer temporary workarounds. Finally, a temporary solution that is often not taken into consideration is shutting down vulnerable systems until a patch is made available. While this last option is usually not welcomed by businesses, having their systems and user data possibly compromised is an even worse one.
Unfortunately, the latest numbers show that despite the huge attention Heartbleed has received, many systems still remain unpatched, and this is a situation that attackers will continue to take advantage of.