Skip to content

The effect of Heartbleed attacks on IBM customers

The security industry is usually very quiet about how security affects their products.

So in the new 3rd Quarter IBM threat intelligence Quarterly for 3rd quarter.

the following 2 charts are very interesting:

heartbleed affects

heartbleed attack activity

April 8, 2014 is when Heartbleed vulnerability was revealed as one can see from the US-CERT.

Which stated that the OpenSSL versions 0.9.8 and 1.0.0 does not have the  vulnerability whereas the version 1.0.1g has the vulnerability, as well as 1.0.2 beta as in this Note.

Knowing when the heartbleed vulnerability came into being one sees an almost immediate scan activity from hackers.In fact in one week  by 4/15 the activity reached 300k scans/attacks.

In case you are in denial of potential Internet attacks to your infrastructure... here is some evidence that shows the attacks from hackers after a vulnerability was exposed. And the top graph shows the continuing attacks on infrastructure many months after the vulnerability was exposed.

Leave a Reply