Experts say mobile applications are also vulnerable

Apr 16, 2014 09:37 GMT  ·  By

While many companies have already updated their OpenSSL installations to prevent cybercriminals from stealing their customers’ information by exploiting the Heartbleed bug, there are a number of services that are still vulnerable.

Experts at the University of Michigan have been monitoring Heartbleed attacks and vulnerable websites with the aid of ZMap, an open-source network scanner that can be used to perform Internet-wide network studies.

Shortly after news of Heartbleed came to light, experts noted that they had observed a small number of hosts scanning for the vulnerability.

On April 10, researchers reported spotting attempts to exploit the Heartbleed bug from an IP address in China. The IP in question is known to be associated with malicious activity. A second attempt came from an Amazon EC2 instance.

“Since our honeypot address is not a major site, we suspect that these attack attempts were part of Internet-wide exploit attempts. We didn't observe any such wide-scale attacks prior to the public announcement of the bug. However, we cannot rule out the possibility that there were earlier targeted attacks against specific sites,” computer scientists at the University of Michigan wrote in their report.

On Tuesday, they reported seeing 41 unique hosts scanning for Heartbleed and attempting to exploit vulnerable systems. 59% of those hosts are located in China, and they accounted for 45% of the attacks.

In the meantime, Johannes Ullrich of the SANS Internet Storm Center told AFP that, while many companies have patched their websites, the situation also has a downside. The expert believes that the Heartbleed fix might slow down Web performance.

The main problem is with digital certificates. Because of the OpenSSL vulnerability, companies have to revoke their old certificates and generate new private keys. While updating keys is usually not an issue for Web browser vendors, the fact that a lot of organizations are changing their certificates at the same time could prove problematic.

At some point, users might see a lot of errors about invalid certificates. This could lead people to ignore the errors or disable security checks in their browsers, which cybercriminals could then take advantage of.

To make matters worse, Trend Micro reports that mobile applications are also impacted by the Heartbleed bug. Initially, the security firm said that mobile apps were affected because the servers they connected to were vulnerable.

However, after a closer investigation, researchers have determined that the apps themselves are vulnerable because of a bundled OpenSSL library.

Update. The headline has been updated because Chinese IPs don't necessarily mean the attackers are from China.