Previously, in December 2023, it was reported that SSH servers were vulnerable to the new Terrapin Attack in which threat actors can downgrade an SSH protocol version, making it vulnerable to exploitation.
This attack can also be used to redirect victims into an attacker-controlled shell.
The root causes of this attack were an authentication flaw in the SSH handshake and the non-resetting of sequence numbers.
This contributes to several attacks over SSH servers, such as Prefix Truncation, sequence number manipulation, and extension negotiation downgrade attacks.
According to the reports shared with Cyber Security News, nearly 11 million SSH servers worldwide were discovered to be vulnerable to this terrapin attack, according to Shadowserver.
Though there are no confirmed reports of exploitation, every country has many servers that could be exploited.
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month.
These servers include IPv4 and IPv6 SSH servers.
The CVE has been given a severity rating of 5.9.
The USA tops the list with more than 3.3 Million servers, followed by China with 1.3 Million servers.
Germany and Russia were found to have 1 Million and 700K vulnerable servers, respectively.
Subsequently, Singapore, Japan, France, the UK, and the Netherlands had nearly 350K to 400K vulnerable SSH servers.
Hong Kong, Canada, and India were also found to contain approximately 200K and 300K vulnerable SSH servers.
There has been no evidence of exploitation of this attack by threat actors in the wild.
Considering the scope of the attack, there are higher chances that a terrapin attack might become a promising target for cybercriminals.
It is recommended for organizations to take appropriate security measures to prevent this terrapin attack and stop them from becoming a victim of threat actors.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 04 Jan 2024 11:16:26 +0000