InfoSecBulletin Cybersecurity for mankind
Around 11 million SSH servers are at risk from the Terrapin attack, which can compromise the security of certain SSH connections. This constitutes roughly 52% of all scanned samples in the IPv4 and IPv6 space monitored by Shadoserver.
The Terrapin attack, created by researchers from Ruhr University Bochum in Germany, affects both clients and servers using the SSH protocol.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
SSH channel integrity can be compromised by manipulating sequence numbers during the handshake process. This is especially true when encryption modes like ChaCha20-Poly1305 or CBC with Encrypt-then-MAC are used.
An attacker can lower the security of OpenSSH 9.5 by downgrading public key algorithms and disabling defenses against timing attacks.
Terrapin attack requires attackers to be in a middle position to intercept and modify the handshake exchange. Threat actors often infiltrate important networks and wait for the right time to launch their attack.
A report by Shadowserver warns that there are around 11 million SSH servers on the internet that can be targeted by Terrapin attacks.
The United States had 3.3 million vulnerable systems, followed by China with 1.3 million, Germany with 1 million, Russia with 700,000, Singapore with 390,000, and Japan with 380,000.
Shadowserver’s report is important because it shows that Terrapin attacks can affect many people.
Adversaries have a large pool of 11 million instances to choose from, even though not all of them are at immediate risk of being attacked. To check if an SSH client or server is vulnerable to Terrapin, the Ruhr University Bochum team offers a vulnerability scanner.
