Though progress has been made in patching the damage, hackers are currently using a new type of Heartbleed exploit, one which, instead of using encryption keys, uses the active VPN session keys that mark authenticated users. With these, hackers can take control of a user session and be recognized as authenticated users by the VPN concentrator.
This type of Heartbleed bug was put on firmware by cybercriminals, and it can’t be removed by updating the firmware; the contaminated firmware has to be replaced. The encryption software OpenSSL was the firmware that the Heartbleed bug was attached to.
This sort of firmware was used by cybercriminals to hack into a virtual private network (VPN). By utilizing the Heartbleed bug, the cybercriminals bypassed the multifactor authentication of the VPN and were able to gain access to the supposedly private information in the accounts they were after, such as bank account numbers and other personal data.
Mandiant, a security company based in Washington, D.C., discovered the Heartbleed bug and attack. The attack began on April 8. After the cybercriminal gained access to the accounts, according to a Mandiant blog post, he/she “attempted to move laterally and escalate his/her privileges within the victim organization.”
How did Mandiant discover the Heartbleed bug was being used by hackers?
The Heartbleed bug doesn’t leave any traces behind on a site’s logs. Mandiant was able to figure out that someone was using the Heartbleed bug by noticing certain evidence that was left behind.
Mandiant examined the VPN concentrator to find that evidence. One clue was that the IP address at the remote end of some of the VPN connections switched. Another was that the authorized users’ actual IP addresses were geographically very far away from the attacker’s IP address. The two also had different service providers.
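The check described above, flagging VPN sessions whose remote IP address switches mid-session and comparing the providers involved, can be sketched as follows. This is an added example, not Mandiant's tooling; the log format, the sample lines and the provider lookup table are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample log (hypothetical format): timestamp, session id, user, remote IP.
SAMPLE_LOG = """\
2000-01-01T10:00:01,S1001,alice,192.0.2.10
2000-01-01T10:05:12,S1001,alice,192.0.2.10
2000-01-01T10:05:40,S1001,alice,203.0.113.77
2000-01-01T10:05:55,S1001,alice,192.0.2.10
2000-01-01T10:07:00,S2002,bob,198.51.100.5
2000-01-01T10:30:00,S2002,bob,198.51.100.5
"""

# Constructed stand-in for an IP-to-provider lookup (assumption, not real data).
PROVIDER = {"192.0.2.": "ISP-A", "198.51.100.": "ISP-B", "203.0.113.": "ISP-C"}

def provider_of(ip):
    """Map an IP to a provider name using the constructed prefix table."""
    for prefix, name in PROVIDER.items():
        if ip.startswith(prefix):
            return name
    return "unknown"

def find_ip_switches(log_text):
    """Return one finding per session whose remote IP changes mid-session."""
    events = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        ts, sid, user, ip = row
        events[sid].append((ts, user, ip))
    findings = []
    for sid, rows in events.items():
        rows.sort()  # ISO-8601 timestamps sort chronologically as strings
        switches = sum(1 for a, b in zip(rows, rows[1:]) if a[2] != b[2])
        if switches:
            ips = sorted({r[2] for r in rows})
            findings.append({
                "session": sid,
                "user": rows[0][1],
                "ips": ips,
                "switches": switches,
                "providers": sorted({provider_of(ip) for ip in ips}),
            })
    return findings

if __name__ == "__main__":
    for finding in find_ip_switches(SAMPLE_LOG):
        print(finding)
```

A session that reports more than one provider is the stronger signal, since a legitimate client changing networks mid-session rarely flips back and forth between two of them.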
Though a Canadian man, Stephen Arthuro Solis-Reyes of London, Ontario, was arrested by the Royal Canadian Mounted Police on Tuesday for stealing personal data using the Heartbleed bug, according to a report in the Boston Globe, Mandiant reported on Friday that at least one online cybercriminal was still using the difficult-to-detect bug.
According to Mandiant’s technical director, Christopher Glyer, cybercriminals have been “trying to scan large swaths of the Internet looking for servers that are vulnerable to this.”
OpenSSL is used to encrypt and transmit information that needs to be as secure as possible, like bank account and credit card numbers. However, an error in the OpenSSL encryption that first came to light in 2012 during a program upgrade demonstrated that cybercriminals could use the Heartbleed bug, for instance, with online retailers, to infiltrate their servers and gain access to the financial data and passwords of customers.
According to internet security analysts, the Heartbleed bug is among the worst Internet security flaws of all time. Though most major companies have attempted to repair their computers as quickly as possible, cybercriminals are moving to exploit the Heartbleed bug while they can.
Beware of any emails that claim to offer you protection from a Heartbleed attack. They have been sent out to millions of people, and are really a phishing scheme designed to infect your computer with malware, rather than giving you any protection. Don’t open any such emails you might receive, and it might even be a good idea to change your passwords if you have received one.
Earlier this month, researchers concluded that the Heartbleed bug had possibly infected as many as two-thirds of all Web servers. Much progress has been made in patching the problem, with all of the top 1,000 sites having been patched, but the Heartbleed bug continues to persist.
The good news is that the majority of the top sites have received patches to combat the Heartbleed bug. However, it’s as yet unknown just how many cybercriminals have managed to exploit the bug and gain access to private information, and how many more are still attempting to exploit the Heartbleed bug, in the little time they have left to take advantage of using it to “bleed” bank accounts and do other malicious damage to their victims.
Written by: Douglas Cobb