Threat Thursday: More on Heartbleed, plus the Michael's/Aaron Brothers breach, and other top security stories of the week

04/24/2014

The news on Heartbleed continues to stream, though the strength of the current has begun to subside. Many larger companies have patched their relevant vulnerabilities, and as a result the bug is not getting quite as much press as it has been. As mentioned in several articles, the top 1000 sites are now patched, but according to various estimates, 2% of the top 1 million sites are still not patched. So there is still plenty of room for concern, and consumers and businesses need to continue to assess the websites they visit for this vulnerability.

New Norse Heartbleed Report available tomorrow.

Norse analysts have continued to monitor suspicious activity targeting the Heartbleed vulnerability through the Norse live threat intelligence platform. Monitoring traffic on port 443 for the Hypertext Transfer Protocol Secure (HTTPS) communications protocol is the easiest and simplest targeting vector for this sort of activity. While other communication protocols on other ports could potentially use OpenSSL as the implementation to secure communications, the pervasiveness of other implementations and protocols makes analysis and conclusions impossible.

With Norse's dark intelligence gathering capabilities, we were able to determine additional information regarding the methodology and trends involving the source of the activity. In sharing this information, Norse hopes to shed light on this activity for fellow Information Security and IT professionals to use in mitigating the threat to their networks and systems.

The bulk of the IPs referenced in this report are rated HIGH or EXTREME by Norse's threat intelligence platform. HIGH designates a risk factor of 54-89, and EXTREME designates a risk factor of 89-100. Users integrating Norse dark threat intelligence into their firewall, Intrusion Detection/Prevention Systems, or SIEM can track these high-risk IPs and monitor, block, or quarantine them according to their security policy and acceptable risk.

Security News

As mentioned above, Heartbleed continues to garner a large share of security news, though the coverage has died down some. Specifically, this last week, it was opined that history suggests the Heartbleed bug will likely "continue to beat," and a new browser extension can flag sites that are vulnerable to the bug. Also, more details on the Michael's/Aaron Brothers data breach were revealed this week, and Facebook's "bug bounty" program had a Wall Street Journal spotlight shined on it. In addition, it was revealed that stolen passwords are utilized in most data breaches.

Here's a sampling of some of this past week's most relevant security stories:

Be sure to check back next week for our next Threat Thursday blog update!
