Heartbleed is not a vulnerability you want to ignore as an IT professional. It exposes passwords and cryptographic keys, and requires not only that you patch OpenSSL for each of the services using the OpenSSL library, but also that you replace the private keys and certificates so that attackers won’t be able to use any of the data compromised by the vulnerability.
It exists in OpenSSL versions 1.0.1 through 1.0.1f. The simplicity of the exploit makes it powerful. It appears that over a half million websites are vulnerable.
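A version check for the range given above, as an added example (not AlienVault's code). The service names and banner strings are constructed, and a hit on the version string alone should be confirmed against the vendor's package changelog, since distributions can backport a fix without changing the upstream version.

```python
import re

# Matches both `openssl version` output ("OpenSSL 1.0.1e 11 Feb 2013") and
# Server headers ("... mod_ssl/2.2.22 OpenSSL/1.0.1"). Anchoring on the
# "OpenSSL" token avoids picking up another product's version number.
_OPENSSL_RE = re.compile(r"OpenSSL[ /](\d+)\.(\d+)\.(\d+)([a-z]?)", re.IGNORECASE)


def classify(banner):
    """Return 'in_range', 'out_of_range' or 'unknown' for a banner string."""
    m = _OPENSSL_RE.search(banner)
    if not m:
        return "unknown"
    base = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4).lower()
    # Range stated in the text: 1.0.1 (no letter) through 1.0.1f.
    if base == (1, 0, 1) and letter <= "f":
        return "in_range"
    return "out_of_range"


def triage(inventory):
    """Map each service to the follow-up actions the text calls for."""
    plan = {}
    for service, banner in inventory:
        status = classify(banner)
        if status == "in_range":
            # Patching alone is not enough: key material may already be exposed.
            plan[service] = ["patch OpenSSL", "replace private key",
                             "replace certificate"]
        elif status == "unknown":
            plan[service] = ["identify OpenSSL version manually"]
        else:
            plan[service] = []
    return plan


# Constructed sample inventory (hypothetical service names and banners).
SAMPLE_INVENTORY = [
    ("web-frontend", "Apache/2.2.22 (Ubuntu) mod_ssl/2.2.22 OpenSSL/1.0.1"),
    ("vpn-gateway", "OpenSSL 1.0.1e-fips 11 Feb 2013"),
    ("mail-relay", "OpenSSL 1.0.1g 7 Apr 2014"),
    ("legacy-app", "OpenSSL 0.9.8y 5 Feb 2013"),
    ("edge-proxy", "nginx/1.4.6"),
]

if __name__ == "__main__":
    for service, actions in triage(SAMPLE_INVENTORY).items():
        print(f"{service}: {', '.join(actions) or 'no action from version check'}")
```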
OpenSSL provides encryption technology for online communications, not just web servers. Web-enabled applications, VMware, Cisco, Juniper and applications such as VPNs and IP phones also use OpenSSL. The vulnerability gives attackers a way to infiltrate websites and download information without leaving evidence. Our AlienVault Labs team began investigating the vulnerability after it was publicized and has seen a significant number of attacks already. The Open Threat Exchange™ (OTX), which provides crowd-sourced threat intelligence, was very helpful in our investigation.
In addition, since the vulnerability has existed for over two years, it is possible that attackers have been repeatedly siphoning information from victims without their knowledge. People have been poking at OpenSSL for years – no telling how far they have exploited the vulnerability.
The OpenSSL vulnerability can be used to steal not only user credentials, but also elements of the application’s source code and any information that is in the server’s memory. The attack can be combined with man-in-the-middle methods to acquire client credentials before authentication occurs.
Check to see if you are vulnerable here.
How AlienVault USM can help detect Heartbleed attacks
Our Labs team has released several IDS signatures for AlienVault USM as well as correlation rules to detect an attacker exploiting this threat.
You can download a free 30-day trial of AlienVault USM now to detect this threat.