Categories: IntelligenceSecurity

Statistics on the impact of Heartbleed on Select Top Level Domains

The Heartbleed Bug is probably the most serious menace to the modern Internet, a serious flaw in the popular OpenSSL library that is having a great impact.

It’s been just over 48 hours after the disclosure of the news about the Heartbleed vulnerability, the serious flaw which affect OpenSSL library that allows an attacker to reveal up to 64kB of memory to a connected client or server.

There are many assumptions made in these days, the bug is the result of a programming error or has been intentionally introduced? And by whom? As usual happen in these cases, security experts try to evaluate the impact of the vulnerability.

The Heartbleed bug is probably the biggest security threats in the story of the Internet, it affected many popular websites and web services including Facebook and Gmail, but the disconcerting truth is that the flaw could have exposed users’ sensitive account information over the past two years. Another aspect to consider is that probably Governments, just after the disclosure of Heartbleed vulnerability, immediately started to exploit the flaw to collect these precious information.

“My guess is that when Heartbleed became public, the top 20 governments in the world started exploiting it immediately,” commented Bruce Schneier.

But I add that probably many of the 20 governments were already aware of the flaw with critic consequences.

A good starting point could be the evaluation of  the Top Level Domain (TLD) names of the top 1,000,000 domains ranked by Alexa.

Experts at TrendMicro have analyzed all websites which use SSL distinguishing “vulnerable” from “safe”, nearly 5% are affected by the Heartbleed flaw (CVE-2014-0160) have extension .KR and .JP. It’s interesting to note that top five countries include .RU, .CN and GOV sites.

On the other hand, countries like France and India have a low number of vulnerable websites under FR and IN TLDs.

“We just think of a few theories why this is so. Maybe they haven’t updated to the version of OpenSSL, which was vulnerable. They could also have immediately patched vulnerable sites. Another possible reason is that these countries don’t use much machines with the most recent versions of Linux.” commented Maxim Goncharov, Senior Threat Researcher at TrendMicro

Web portal Ars Technica reported that MediaMonks of the Netherlands had evidence of exploit attempts going back to November 2013, the source IP addresses for those attacks belong to a botnet.

Net monitoring company Netcraft suggested that  nearly 500,000 servers were vulnerable to the Heartbleed bug, I’m using the past verb because the situation is in continuous evolution.

“Our most recent SSL Survey found that the heartbeat extension was enabled on 17.5% of SSL sites, accounting for around half a million certificates issued by trusted certificate authorities. These certificates are consequently vulnerable to being spoofed (through private key disclosure), allowing an attacker to impersonate the affected websites without raising any browser warnings.” reports Netcraft.

In the above graph it is possible to note that just a small percentage of Microsoft web servers support the TLS heartbeat extension, as remarked by Netcraft Linux machines acting as reverse proxy front ends to Windows servers are most affected.

It is strongly suggested to revoke and replace certificates at risk of compromise, website administrators are invited to update OpenSSL.

To check  if your HTTPS website might be vulnerable you can used the following form proposed by Netcraft.


Netcraft site report
URL:

 

Let me close with a list published by Mashable that contains the principal web companies and provide information for the update status of their platform suggesting users to change their password if needed.

 

Pierluigi Paganini

(Security Affairs –  OpenSSL, Heartbleed)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

2 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

13 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

17 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

23 hours ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

This website uses cookies.