Attacker used Heartbleed bug to attack VPN
An attacker reportedly gained access to the VPN of an unnamed organization by exploiting the Heartbleed bug in OpenSSL, Mandiant reported on Friday. The American security company is investigating the attack on behalf of the organization.
The attacker used the OpenSSL vulnerability to break into a VPN belonging to the unnamed organization. He sent requests to the HTTPS web server, which was running the vulnerable version of the SSL encryption software.
According to Mandiant, which helps other companies remove malware and thwart cyber attackers, the attacker searched the server's memory for active session tokens belonging to authenticated users. With those tokens, he allegedly took over several sessions and bypassed two-step verification and VPN controls. He then tried to escalate his privileges and access other systems.
The intrusion came to light thanks to VPN logs and an IDS equipped to detect activity related to the Heartbleed bug. That system registered 17,000 intrusion attempts in rapid succession, Mandiant reports.
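The kind of check an IDS can apply to this traffic, as an added example that is not from the article or from Mandiant: it flags TLS heartbeat requests whose claimed payload length exceeds what the record carries (the RFC 6520 bounds check) and counts bursts per source. The 60-second window, the threshold of 100, the function names and the sample records are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

HEARTBEAT, HB_REQUEST, MIN_PADDING = 24, 1, 16  # RFC 6520 constants

def is_overlong_heartbeat(record: bytes) -> bool:
    """True if a plaintext heartbeat request claims more payload than it carries.
    Heartbeats sent after the handshake are encrypted and cannot be parsed this way."""
    if len(record) < 5:
        return False
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != HEARTBEAT or len(body) < 3 or body[0] != HB_REQUEST:
        return False
    (claimed,) = struct.unpack("!H", body[1:3])
    # type(1) + length(2) + payload + padding(>=16) must fit inside the record
    return 1 + 2 + claimed + MIN_PADDING > rec_len

def burst_sources(events, window=60.0, threshold=100):
    """events: time-sorted (timestamp_seconds, src_ip, record_bytes) tuples.
    Returns {src_ip: peak over-long heartbeats within `window` seconds} at or above threshold."""
    times = defaultdict(list)
    for ts, src, rec in events:
        if is_overlong_heartbeat(rec):
            times[src].append(ts)
    flagged = {}
    for src, stamps in times.items():
        best = lo = 0
        for hi, t in enumerate(stamps):
            while t - stamps[lo] > window:  # slide the window start forward
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            flagged[src] = best
    return flagged

# Constructed sample traffic (documentation-range addresses, not incident data)
BAD = bytes.fromhex("1803020003014000")   # 3-byte record claiming 16384 payload bytes
GOOD = bytes.fromhex("1803020017010004") + b"ping" + bytes(16)  # well-formed request
SAMPLE = [(i * 0.01, "192.0.2.10", BAD) for i in range(500)]
SAMPLE += [(float(i), "198.51.100.7", GOOD) for i in range(30)]
SAMPLE.sort(key=lambda e: e[0])

if __name__ == "__main__":
    print(burst_sources(SAMPLE))
```
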
Heartbleed is a vulnerability in OpenSSL that came to light last week. The bug makes it possible to read a web server's internal memory from the outside and thereby see private keys and decrypted data. Many websites use OpenSSL to generate private keys and have since taken measures.