
Hackers exploit Heartbleed Bug to launch attack on a VPN network

The hackers bypassed the multifactor authentication and fraud detection system in the network.

By Vinod

Hackers claimed to have successfully broken into an unnamed organisation's virtual private network (VPN) using the Heartbleed bug, bypassing the multifactor authentication and fraud detection system in the network, according to security firm Mandiant, a unit of FireEye.

The vulnerability allowed the hacker to repeatedly access up to 64KB of random memory space per malformed heartbeat request, by sending a specially designed packet to a server running a vulnerable version of OpenSSL.

The hackers are said to have used the bug about 1000 times to gather vital information such as passwords.

Mandiant confirmed the exploit by examining two sources of information, IDS signatures and VPN logs.

During analysis of the exploit the security firm found that a malicious IP address triggered thousands of IDS alerts for the Heartbleed vulnerability destined for the victim organisation’s SSL VPN.

The VPN logs showed active VPN connections of multiple users rapidly changing back and forth, "flip flopping", between the malicious IP address and the user’s original IP address. In several cases the "flip flopping" activity lasted for multiple hours.

The timestamps associated with the IP address changes were often within one to two seconds of each other. The legitimate IP addresses accessing the VPN were geographically different from the malicious IP address and belonged to different service providers.
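The "flip flopping" pattern described above can be searched for in VPN session logs. The following is an added example, not code from Mandiant or from the original article: the log format, field names (`sess`, `user`, `src`), sample addresses and the `min_changes` threshold are assumptions, while the two-second window comes from the timestamps described above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format, documentation-range IPs).
SAMPLE_LOG = """\
2014-04-08T10:00:00 sess=A1 user=alice src=198.51.100.10
2014-04-08T10:00:01 sess=A1 user=alice src=203.0.113.77
2014-04-08T10:00:02 sess=A1 user=alice src=198.51.100.10
2014-04-08T10:00:04 sess=A1 user=alice src=203.0.113.77
2014-04-08T10:00:05 sess=A1 user=alice src=198.51.100.10
2014-04-08T09:00:00 sess=B2 user=bob src=192.0.2.5
2014-04-08T11:30:00 sess=B2 user=bob src=192.0.2.99
2014-04-08T10:00:00 sess=C3 user=carol src=192.0.2.40
2014-04-08T10:00:01 sess=C3 user=carol src=192.0.2.40
"""

def parse_line(line):
    """Split 'timestamp key=value ...' into (time, session, user, source IP)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["sess"], kv["user"], kv["src"]

def find_flip_flops(lines, max_gap=timedelta(seconds=2), min_changes=3):
    """Flag sessions whose source IP changes rapidly and returns to an earlier IP."""
    sessions = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, sess, user, ip = parse_line(line)
            sessions[sess].append((ts, user, ip))
    findings = {}
    for sess, events in sessions.items():
        events.sort()
        rapid, seen, returned = 0, {events[0][2]}, False
        for (t0, _, ip0), (t1, _, ip1) in zip(events, events[1:]):
            if ip1 != ip0:
                if t1 - t0 <= max_gap:
                    rapid += 1                      # change inside the window
                    returned = returned or ip1 in seen  # back to an earlier IP
                seen.add(ip1)
        if rapid >= min_changes and returned:
            findings[sess] = {"user": events[0][1], "rapid_changes": rapid,
                              "ips": sorted(seen)}
    return findings

if __name__ == "__main__":
    for sess, info in find_flip_flops(SAMPLE_LOG.splitlines()).items():
        print(sess, info)
```

A single address change hours apart, as in session B2, is ordinary roaming and is not flagged; only a session that alternates between addresses within the window is reported.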


Mandiant has suggested that those running vulnerable versions of remote access software or appliances should upgrade their vulnerable infrastructure.

It also suggested that organisations should implement intrusion detection signatures to identify repeated attempts to exploit the vulnerability by hackers.
