Threat Intelligence: Heartbleed Impact

Rob Kraus on Solutionary's Latest Threat Report
Threat Intelligence: Heartbleed Impact
Solutionary is out with its quarterly threat intelligence report. Topping the list: the exploitability of the Heartbleed bug, and the current malware trends. Rob Kraus teases the report's highlights.

The Heartbleed bug, of course, was the big news in the second quarter of 2014, and Solutionary's security engineering research team invested time, testing exactly how prospective attackers could exploit the vulnerability.

See Also: Close the Gapz in Your Security Strategy

In some ways, says Kraus, SERT's director of research, the Heartbleed bug - despite the massive media attention - was actually under-appreciated for its full potential.

"Some organizations are still working on their maturity models, and they don't understand the threat," Kraus says. "The people who are on the ground, testing the Heartbleed vulnerability and writing proof of concept code and exploiting it ... [their perception] is certainly different than what the general public understands, as well as even security practitioners who ... don't necessarily understand the impact of Heartbleed."

Yet, malware continues to steal the headlines. And among the latest findings: 59 percent of malware captured was hosted in the U.S. - a 12 percent jump since the end of 2013. And the top 10 internet service providers represent the source of 52 percent of the malware identified in Q2.

In an interview about Solutionary's latest threat intelligence report, Kraus discusses:

  • The Heartbleed impact;
  • Latest malware trends;
  • The need for threat intelligence and risk analysis prior to selecting security products;
  • Threat trends to watch in the months ahead.

Kraus is the director of research for the Solutionary engineering research team. He is a Certified Information Systems Security Professional (CISSP), specializing in vulnerability research, malware analysis, threat intelligence, Web application security assessments, external and internal penetration testing, and social engineering. He previously was a manager within Solutionary's security consulting services group.

Solutionary, an NTT Group security company, is the next generation managed security services provider (MSSP). Comprehensive Solutionary security monitoring and security device management services protect traditional and virtual IT infrastructures, cloud environments and mobile data.

About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 37 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.