Widespread Vulnerability in SSH Servers: The Terrapin Attack Threat

The Terrapin attack, a newly identified security threat, jeopardizes nearly 11 million SSH servers that are accessible online.
Originating from academic research at Ruhr University Bochum in Germany, this attack specifically targets the SSH protocol, affecting both clients and servers.
It exploits vulnerabilities during the handshake process, especially when using certain encryption modes, compromising the integrity of SSH connections.
The attack requires the perpetrator to be in a unique position - an adversary-in-the-middle - to intercept and manipulate the handshake exchange.
This method enables attackers to downgrade public key algorithms for user authentication and neutralize protections against keystroke timing attacks, notably in OpenSSH 9.5.
The report by Shadowserver, a security monitoring platform, highlights the widespread vulnerability of these servers across the globe.
Shadowserver's findings show that the United States has the highest number of vulnerable servers, followed by China, Germany, Russia, Singapore, and Japan.
This distribution underlines the potential widespread impact of Terrapin attacks.
Although not every one of the 11 million servers is at immediate risk, it reveals a significant pool of targets for potential attackers.
For those concerned about the vulnerability of their SSH client or server, the team from Ruhr University Bochum offers a specialized vulnerability scanner.
If you're interested in reading more about vulnerability management, check out this article: What Is Vulnerability Management.
If you liked this piece, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.
If you liked this post, you will enjoy our newsletter.
Get cybersecurity updates you'll actually want to read directly in your inbox.


This Cyber News was published on heimdalsecurity.com. Publication date: Fri, 05 Jan 2024 10:43:04 +0000


Cyber News related to Widespread Vulnerability in SSH Servers: The Terrapin Attack Threat

Millions still haven't patched Terrapin SSH protocol vulnerability - Roughly 11 million Internet-exposed servers remain susceptible to a recently discovered vulnerability that allows attackers with a foothold inside affected networks. Once they're in, attackers compromise the integrity of SSH sessions that form the ...
11 months ago Packetstormsecurity.com
Nearly 11 million SSH servers vulnerable to new Terrapin attacks - Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. The Terrapin attack targets the SSH protocol, affecting both clients and servers, and was developed by academic ...
11 months ago Bleepingcomputer.com
Terrapin attacks can downgrade security of OpenSSH connections - Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to breaks the SSH channel integrity when certain widely-used encryption modes are used. This manipulation lets attackers remove ...
1 year ago Bleepingcomputer.com
Over 11M SSH Servers are Vulnerable to new Terrapin Attack - Previously, in December 2023, it was reported that SSH servers were vulnerable to the new Terrapin Attack in which threat actors can downgrade an SSH protocol version, making it vulnerable to exploitation. This attack can also be used to redirect ...
11 months ago Cybersecuritynews.com
New SSH-Snake Malware Abuses SSH Credentials - Threat actors abuse SSH credentials to gain unauthorized access to systems and networks. SSH credential abuse provides a stealthy entry point for threat actors to compromise and control the targeted systems. On January 4th, 2024, the Sysdig Threat ...
9 months ago Cybersecuritynews.com
Widespread Vulnerability in SSH Servers: The Terrapin Attack Threat - The Terrapin attack, a newly identified security threat, jeopardizes nearly 11 million SSH servers that are accessible online. Originating from academic research at Ruhr University Bochum in Germany, this attack specifically targets the SSH protocol, ...
11 months ago Heimdalsecurity.com
SSH vulnerability exploitable in Terrapin attacks - Security researchers have discovered a vulnerability in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection's security by truncating the extension negotiation message. Terrapin is a prefix truncation attack ...
1 year ago Helpnetsecurity.com
Hackers Attacking Linux SSH Servers to Deploy Scanner Malware - Hackers often target Linux SSH servers due to their widespread use in hosting critical services, and the following loopholes make them vulnerable, providing opportunities to hackers for unauthorized access and potential exploitation:-. Cybersecurity ...
11 months ago Gbhackers.com
New Terrapin Attacking SSH Protocol to Downgrade the Security - SSH protocol is one of the most used protocols across several organizations to establish a remote terminal login and file transfer. SSH consists of an authenticated key exchange for establishing the secure channel connection to ensure integrity and ...
1 year ago Cybersecuritynews.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
1 year ago Feeds.fortinet.com
In a first, cryptographic keys protecting SSH connections stolen in new attack - For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the ...
1 year ago Arstechnica.com
CVE-2023-48795 - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client ...
2 weeks ago
Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
10 months ago Microsoft.com
What Is Threat Modeling? - Threat modeling emerges as a pivotal process in this landscape, offering a structured approach to identify, assess, and address potential security threats. Threat Modeling Adoption and Implementation The successful adoption of threat modeling within ...
11 months ago Feeds.dzone.com
What Is Cyber Threat Hunting? - Cyber threat hunting involves proactively searching for threats on an organization's network that are unknown to traditional cybersecurity solutions. A recent report from Armis found that cyber attack attempts increased by 104% in 2023, underscoring ...
10 months ago Techrepublic.com
Top 7 Cyber Threat Hunting Tools for 2024 - Cyber threat hunting is a proactive security measure taken to detect and neutralize potential threats on a network before they cause significant damage. To seek out this type of threat, security professionals use cyber threat-hunting tools. With ...
10 months ago Techrepublic.com
CVE-2024-52308 - The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0. Developers connect to ...
1 month ago Tenable.com
Attackers Targeting Poorly Managed Linux SSH Servers - In recent times, Linux SSH servers have become a prime target for attackers aiming to compromise security and exploit vulnerabilities for malicious activities. This article delves into the growing concern surrounding poorly secured Linux SSH servers, ...
11 months ago Securityboulevard.com
Careless oversight of Linux SSH servers draws cryptominers, DDoS bots - Cybercriminals are targeting poorly managed Linux SSH servers to install malware for cryptomining or carrying out distributed denial-of-service attacks, researchers have found. According to a report by AhnLab released this week, bad password ...
11 months ago Therecord.media
How to Use Threat Intelligence Feeds for SOC/DFIR Teams - Threat intelligence feeds provide real-time updates on indicators of compromise, such as malicious IPs and URLs. Security systems can then ingest these IOCs to identify and block potential threats, which essentially grants organizations immunity to ...
7 months ago Cybersecuritynews.com
How to Overcome the Most Common Challenges with Threat Intelligence - Today's typical approach to threat intelligence isn't putting organizations in a place to do that. Instead, many threat intelligence tools are delivering too much uncurated and irrelevant information that arrives too late to act upon. Organizations ...
11 months ago Cyberdefensemagazine.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours - In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol host, leading to data exfiltration and the deployment of Trigona ransomware. On Christmas Eve, within just three hours of gaining initial access, ...
10 months ago Thedfirreport.com
New Tool Set Found Used Against Organizations in the Middle East, Africa and the US - Unit 42 researchers observed a series of apparently related attacks against organizations in the Middle East, Africa and the U.S. We will discuss a set of tools used in the course of the attacks that reveal clues about the threat actors' activity. We ...
1 year ago Unit42.paloaltonetworks.com
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
1 year ago Trendmicro.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)