Can Heartbleed be used in DDoS attacks?

Jeffrey A. Lyon, CISSP-ISSMP, founder of Black Lotus Communications

It is now well established that SSL private keys, login credentials and other encrypted data can be stolen via Heartbleed. To remediate this threat, administrators must ensure that any systems running OpenSSL are upgraded to 1.0.1g, change any passwords that may have leaked while systems were exposed, and continue to change passwords frequently as a matter of best practice.

Additionally, companies should revoke any SSL certificates derived from certificate signing requests (CSRs) whose keys may have been compromised. Organizations can accomplish this by contacting the certificate authority that issued the SSL certificates. To make matters worse, this measure does not guarantee that the stolen keys will not be used, as many popular browsers do not check for revocation by default. As a result, side effects from Heartbleed will continue for many months or even years post-remediation.
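As an added example (not part of the original answer), here is a Python triage helper that classifies the output of `openssl version -b` against the Heartbleed-affected range (1.0.1 through 1.0.1f and 1.0.2-beta1; fixed in 1.0.1g). The fix date, the version ranges and the `check_backport` category are my additions: distribution packages often backport the fix without changing the version letter, so a banner that still reads 1.0.1e is not conclusive on its own and must be confirmed against the package changelog.

```python
import re
from datetime import date

# OpenSSL 1.0.1g, the first release without the Heartbleed bug, shipped on 7 April 2014.
FIX_DATE = date(2014, 4, 7)

_VER_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?")
_BUILT_RE = re.compile(r"built on:\s*\w{3}\s+([A-Z][a-z]{2})\s+(\d{1,2})\s+.*?(\d{4})")
_MONTHS = {m: i for i, m in enumerate("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

def parse_version(output):
    """Return (major, minor, patch, letter, beta) from the first line of `openssl version`."""
    m = _VER_RE.search(output)
    if not m:
        raise ValueError(f"unrecognised OpenSSL banner: {output!r}")
    major, minor, patch, letter, beta = m.groups()
    return int(major), int(minor), int(patch), letter, (int(beta) if beta else None)

def parse_built_on(output):
    """Return the build date from the 'built on:' line of `openssl version -b`, or None."""
    m = _BUILT_RE.search(output)
    if not m:
        return None
    mon, day, year = m.groups()
    return date(int(year), _MONTHS[mon], int(day))

def heartbleed_status(output):
    """Classify `openssl version -b` output as one of:
    'not_affected'   - releases before 1.0.1 never contained the heartbeat code
    'vulnerable'     - 1.0.1 through 1.0.1f, or 1.0.2-beta1, built before the fix date
    'check_backport' - vulnerable-looking version built on or after the fix date
                       (distros backport the fix without bumping the letter; check the changelog)
    'fixed'          - 1.0.1g and later, 1.0.2-beta2 and later, or any newer branch"""
    major, minor, patch, letter, beta = parse_version(output)
    if (major, minor, patch) < (1, 0, 1):
        return "not_affected"
    if (major, minor, patch) == (1, 0, 1):
        vulnerable = letter < "g"                  # "" (plain 1.0.1) and a..f sort before g
    elif (major, minor, patch) == (1, 0, 2):
        vulnerable = beta is not None and beta < 2  # only 1.0.2-beta1 shipped the bug
    else:
        vulnerable = False
    if not vulnerable:
        return "fixed"
    built = parse_built_on(output)
    if built is not None and built >= FIX_DATE:
        return "check_backport"
    return "vulnerable"
```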

In terms of DDoS attacks, the dominant threats observed by Black Lotus and reported in its Q1 2014 Threat Report are NTP DrDoS attacks, as well as traditionally dominant attacks against Web services, specifically SYN floods and HTTP application layer attacks. With NTP attacks waning in frequency and effectiveness, many attackers are resorting to tried-and-true methods of causing damage to their targets.

In the future, it is likely that attackers will discover new amplification vulnerabilities in UDP services, leading to more widespread and severe DrDoS attacks that are expected to exceed 800Gbps in the next 12 to 18 months. While there is much to fret over in the wake of DrDoS and vulnerabilities like Heartbleed, DTLS reflection attacks do not rank among the serious issues that network operators and systems administrators need to be immediately concerned about.
