Heimdal
Home > Cybersecurity News

Widespread Vulnerability in SSH Servers: The Terrapin Attack Threat

Research Reveals Nearly 11 Million SSH Servers Exposed to New Security Flaw.

Last updated on January 5, 2024

article featured image

Contents:

The Terrapin attack, a newly identified security threat, jeopardizes nearly 11 million SSH servers that are accessible online.

Originating from academic research at Ruhr University Bochum in Germany, this attack specifically targets the SSH protocol, affecting both clients and servers.

It exploits vulnerabilities during the handshake process, especially when using certain encryption modes, compromising the integrity of SSH connections.

Mechanism and impact

The attack requires the perpetrator to be in a unique position – an adversary-in-the-middle (AitM) – to intercept and manipulate the handshake exchange.

This method enables attackers to downgrade public key algorithms for user authentication and neutralize protections against keystroke timing attacks, notably in OpenSSH 9.5.

The report by Shadowserver, a security monitoring platform, highlights the widespread vulnerability of these servers across the globe.

map of vulnerable SSH servers

Map of vulnerable SSH servers (Source)

Geographical distribution and significance

Shadowserver’s findings show that the United States has the highest number of vulnerable servers (3.3 million), followed by China (1.3 million), Germany (1 million), Russia (700,000), Singapore (390,000), and Japan (380,000).

This distribution underlines the potential widespread impact of Terrapin attacks. Although not every one of the 11 million servers is at immediate risk, it reveals a significant pool of targets for potential attackers.

For those concerned about the vulnerability of their SSH client or server, the team from Ruhr University Bochum offers a specialized vulnerability scanner (Github).

If you’re interested in reading more about vulnerability management, check out this article:  What Is Vulnerability Management [Everything You Need to Know].

And if you liked this piece, follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

Author Profile

Madalina Popovici

Digital PR Specialist

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.

Related Articles

How to Create a Cybersecurity Incident Response Plan [2024]How To Break The Metrics Mirage in Vulnerability Management12 Best Vulnerability Management Systems & Tools 2024Vulnerability Management Metrics: It’s Time to Look Past the Metrics Mirage12 Best Windows Server Patch Management Software & Tools 2024Why Organizations Struggle With Vulnerability Management?What Is Vulnerability Management [Everything You Need to Know]

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE
linkedin
youtube
facebook
x

resources

company

newsletter

© 2024 Heimdal®

Vat No. 35802495, Vester Farimagsgade 1, 2 Sal, 1606 København V