HeartBleed Attack on Enterprise VPN

May 2, 2014 | By Editor 

The Heartbleed bug, the most feared Internet security threat in the world today, was successfully exploited against an unnamed company’s virtual private network (VPN). According to Mandiant, a FireEye unit, a hacker leveraged the 8-year-old bug against a VPN device to hijack multiple user sessions. The hacker easily bypassed the fraud detection and multi-factor authentication systems in the network and repeatedly read up to 64 KB of RAM by sending unique packets to a server running on the VPN device that was compiled with a vulnerable version of OpenSSL. The attacker used the bug approximately 1000 times to collect important information such as passwords, session IDs, user names, and credentials.

Since the vulnerability allowed the hacker to read only 64 KB of RAM per heartbeat request, the attacker had to replay the attack repeatedly to steal vital data. The exploit was confirmed by closely examining VPN logs and IDS signatures. The analysis revealed that an IDS signature for the HeartBleed vulnerability had triggered around 17,000 alerts on traffic intended for the victim company’s SSL VPN. Despite a HeartBleed Vulnerability Scanner, the attacker used the bug to remotely access active user sessions, and the VPN connections of multiple active users changed constantly as the hacker moved laterally and escalated privileges. This was evident from the VPN logs. The timestamps further revealed changes in IP addresses, where the user’s legitimate IP address and the hacker’s IP address were geographically different. The changes were within a few seconds of each other.
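
The log check described above, as an added example (not from the original article or from Mandiant): it flags VPN sessions whose source IP switches between addresses in different regions within a few seconds. The log layout, the REGION table standing in for a GeoIP lookup, and the 10-second window are assumptions; the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records; the field layout is an assumption, not a real VPN log format.
SAMPLE_LOG = """\
2014-04-08T10:15:02 session=A1 user=alice src=192.0.2.10
2014-04-08T10:15:05 session=A1 user=alice src=198.51.100.77
2014-04-08T10:15:09 session=A1 user=alice src=192.0.2.10
2014-04-08T10:15:12 session=A1 user=alice src=198.51.100.77
2014-04-08T10:16:00 session=B2 user=bob src=203.0.113.5
2014-04-08T11:40:00 session=B2 user=bob src=203.0.113.9
"""

# Stand-in for a GeoIP lookup (constructed): network prefix -> region label.
REGION = {"192.0.2.": "region-1", "198.51.100.": "region-2", "203.0.113.": "region-3"}

def region_of(ip):
    return next((r for p, r in REGION.items() if ip.startswith(p)), "unknown")

def parse(line):
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
    return rec

def find_hijack_candidates(log_text, window=timedelta(seconds=10)):
    """Return {session: [(user, old_ip, new_ip, seconds_apart), ...]} for
    source-IP changes inside one session that cross regions within `window`."""
    by_session = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse(line)
            by_session[rec["session"]].append(rec)
    findings = {}
    for sid, recs in by_session.items():
        recs.sort(key=lambda r: r["ts"])
        hits = []
        for prev, cur in zip(recs, recs[1:]):
            gap = cur["ts"] - prev["ts"]
            if (prev["src"] != cur["src"] and gap <= window
                    and region_of(prev["src"]) != region_of(cur["src"])):
                hits.append((cur["user"], prev["src"], cur["src"], int(gap.total_seconds())))
        if hits:
            findings[sid] = hits
    return findings

if __name__ == "__main__":
    for sid, hits in find_hijack_candidates(SAMPLE_LOG).items():
        print(sid, hits)
```

Session B2 changes address too, but more than an hour apart and within one region, so it is not flagged; only the rapid back-and-forth in session A1 matches the pattern the article describes.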

Enterprise Heartbleed Attack

The HeartBleed vulnerability is particularly damaging for users, since VPNs are an additional step to ensure the privacy of online communications. If hackers are able to access and extract private keys and impersonate the VPN server, it will pose the biggest threat to all online security measures. This is definitely not soothing news for enterprise users. According to reports by Sucuri, a leading security firm, nearly 2 percent of the websites ranked highly by Amazon’s Alexa were still prone to the HeartBleed vulnerability.

To make sure both websites and servers are secured against HeartBleed, it is paramount that all enterprises update and protect their Web-facing technologies, which include VPNs and the user passwords associated with them. Organizations should also run regular HeartBleed vulnerability checks using a powerful HeartBleed Vulnerability Scanner to identify repeated attempts by cyber criminals to exploit the vulnerability. It may not be a simple task, but considering that HeartBleed is one of the largest security exposures, it is imperative to deal with it soon.
