Organizations all around the world are scrambling to check and see if their cloud app is currently vulnerable to a DROWN Attack. What is a DROWN Attack? DROWN is actually an acronym for “Decrypting RSA Obsolete Weakened eNcryption” and it is probably the biggest security vulnerability we’ve seen so far in 2016.
Its kind of like a MITM (Man in the Middle) attack where a remote agent must sit between the two endpoints, sniffing the traffic that contains packets referencing TLS RSA messages. From there, the attacker uses a version of the Bleichenbacher attack to help get hints about the master secret key.
According to Netskope, the attacker can then spend about $400 on computing resources to decrypt the key, using the hints generated from the steps above. Another scary fact is that 1 out of every 3 web servers on the internet today could be vulnerable to this attack.
DROWN Attacks can be orchestrated on websites that have implemented HTTPS using SSL 2.0 and TLS. NetSkope, a cloud research firm, mentions that over 650 SaaS products are currently (at the time of this writing) vulnerable to the DROWN Attack. At ThreatPost, Tom Spring says that the total number of impacted cloud services will drop into the 550 range by the end of today.
As cloud developers scramble to check their services for security flaws, you’re probably wondering, “How do I check my apps and services for Drown Attack vulnerabilities?”
By using any of the major cyber security tools on market, you can input the domain name of your app or website to check and see if your cloud apps or web facing properties are currently vulnerable to this type of attack.
It’s astounding that hundreds of cloud apps are still vulnerable to the DROWN attack. Noted security researchers seemed impressed at the speed in which Heartbleed, Poodle and others were re-mediated.
One bigger question remains: Why is it taking so long for some cloud service providers to recognize and re-mediate one of this year’s biggest security threats?