Annual Global Census of “Heartbleed”

Summary
On April 7, 2014, a major vulnerability (CVE-2014-0160) was disclosed in the open
source network security protocol library OpenSSL; it can lead to disclosure of
sensitive information. The vulnerability was discovered independently by Codenomicon
and a Google security engineer, and was released by a programmer named Sean Cassidy.
Its origin is a bug in the heartbeat module: an attacker can use a crafted packet to
obtain up to 64KB of data from the remote host's memory.
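The length check whose absence made this leak possible can be shown in a few lines. The following C sketch is an added example, not OpenSSL's code and not part of the original report; the function names and the constructed sample messages are hypothetical, and the message layout and 16-byte minimum padding follow RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HB_HEADER  3   /* 1-byte type + 2-byte payload_length (RFC 6520) */
#define HB_MIN_PAD 16  /* RFC 6520 requires at least 16 bytes of padding */

typedef enum { HB_OK, HB_TRUNCATED, HB_LENGTH_MISMATCH } hb_verdict;

/* Read the sender-controlled, big-endian payload_length field (0..65535). */
static size_t hb_claimed(const uint8_t *msg) {
    return ((size_t)msg[1] << 8) | msg[2];
}

/* Validate a heartbeat message of msg_len received bytes. The length field
 * inside the message is only a claim; msg_len is the ground truth. */
hb_verdict hb_check(const uint8_t *msg, size_t msg_len) {
    if (msg_len < HB_HEADER + HB_MIN_PAD)
        return HB_TRUNCATED;
    /* The bounds check whose absence caused the leak: header, claimed
     * payload and minimum padding must fit in what actually arrived. */
    if (HB_HEADER + hb_claimed(msg) + HB_MIN_PAD > msg_len)
        return HB_LENGTH_MISMATCH;   /* RFC 6520: discard silently */
    return HB_OK;
}

/* Bytes past the end of the message that a responder echoing the claimed
 * length without the check above would copy from adjacent memory. */
size_t hb_overread(const uint8_t *msg, size_t msg_len) {
    if (msg_len < HB_HEADER)
        return 0;
    size_t end = HB_HEADER + hb_claimed(msg);
    return end > msg_len ? end - msg_len : 0;
}

int main(void) {
    /* Constructed samples, 23 bytes each: type, length, payload, padding. */
    uint8_t honest[23]   = { 1, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    uint8_t inflated[23] = { 1, 0xFF, 0xFF, 'p', 'i', 'n', 'g' };
    printf("honest:   verdict=%d overread=%zu\n",
           hb_check(honest, sizeof honest), hb_overread(honest, sizeof honest));
    printf("inflated: verdict=%d overread=%zu\n",
           hb_check(inflated, sizeof inflated), hb_overread(inflated, sizeof inflated));
    return 0;
}
```

The second sample shows why the leak is bounded at roughly 64KB: the length field is 16 bits wide, so a single malformed message can claim at most 65,535 bytes of payload.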
On the very day of the one-year anniversary of “Heartbleed”, the ZoomEye Team
carried out a regression census of the whole IPv4 space. Although the affected IPs
have been reduced to 14.6%, there is still a large number (377,221) of IPs with the
vulnerability.
Given that enough time for repair has been allowed, and in order to improve the
defensive capability of cyberspace, this report will release 1000 affected IPs
following this paper, in the hope of raising the security awareness of the relevant
personnel.
Review
“Heartbleed” absolutely deserves to be known as an epic vulnerability, as the
following data illustrate:
1. Most widespread affected IPs: the ZoomEye Team scanned the entire network for
HTTPS (443), IMAPS (993), SMTPS (465) and POP3S (995) and found 2,590,351
affected IPs, with the following geographical distribution:
Figure 1: “Heartbleed” global influence distribution in 2014
According to the affected protocols:
Figure 2: “Heartbleed” affected protocols distribution in 2014
According to the affected countries/regions TOP 25:
Figure 3: “Heartbleed” affected countries/regions in 2014
2. Most vendors affected, including Facebook, Yahoo!, Taobao, PayPal, JD and
other well-known websites; at the same time, a large number of network devices
such as routers, firewalls, Cisco, and even Juniper and Legendsec VPN gateways
are also on the list.
3. Most rapid response: the ZoomEye Team continuously tracked the IPs affected
by the vulnerability and found that in 3 days the global repair rate reached a
staggering 40%; at the same time, the fix rate in China was only 18%, which
still needs to be improved.
Figure 4: “Heartbleed” repair rate of 20 countries in 3 days in 2014
One-Year Anniversary Data Analysis
After one year of attack and defense, on the first anniversary of “Heartbleed”,
the ZoomEye Team carried out a regression census. Comparing the two sets of data
yields a number of insights; the specific data are as follows:
1. The ZoomEye Team scanned the whole IPv4 space for HTTPS (443), IMAPS (993),
SMTPS (465) and POP3S (995) and found 377,221 affected IPs; the unrepaired
rate is only 14.6%. The geographical distribution is as follows:
Figure 5: “Heartbleed” global influence distribution in 2015
According to the affected protocols:
Figure 6: “Heartbleed” affected protocols distribution in 2015
According to the affected countries/regions TOP 25:
Figure 7: “Heartbleed” affected countries/regions in 2014
2. A sampling test did not find affected sites among Facebook, Yahoo!, Taobao,
PayPal and other well-known sites.
3. Continuous response rate in the anniversary survey:
Figure 8: “Heartbleed” repair rate of 16 countries in one year in 2015
Conclusion
After the first anniversary, a before-and-after comparative analysis of the old
and new data gives the following:
1. Global repair is very efficient. The number of affected IPs globally has
decreased to 14.6%.
2. The number of affected IPs depends significantly on the protocol; HTTPS (443)
twice accounted for more than 50%.
3. Bugs are fixed much faster in the developed world than in developing
countries.
Because the developed world has more IP resources, there were more developed
countries in the 2014 "Top 25 affected countries" list. Developing countries such as
China, India, and Russia, after a year of remediation, took more positions in the
Top 25 list in 2015.
4. Larger websites such as Facebook, Yahoo, Jingdong, Taobao and Alipay pay more
attention to security and, as a result, no vulnerabilities were found in sampling.
5. China's continued response capacity still needs to improve: although the repair
rate rose from the initial 18% to 59.9%, in contrast to Korea (69.5%), Russia
(78%), Hong Kong (81.8%), Taiwan (95.6%), and Japan (99%), its cyber security
defense capabilities remain a matter of concern.