Nearly 11 million internet-exposed SSH servers, or about 52% of all scanned servers in IPv4 and IPv6 environments, could be compromised with the novel Terrapin attack, which could affect SSH channel integrity in certain encryption modes and deactivate keystroke timing attack defenses in OpenSSH 9.5, according to BleepingComputer.
The U.S. accounted for most of the systems vulnerable to the Terrapin attack, followed by China, Germany, Russia, Singapore, and Japan, a report from Shadowserver revealed.
Terrapin, developed by Ruhr University Bochum researchers, requires an adversary-in-the-middle position so that threat actors can intercept and alter the handshake exchange between SSH clients and servers, but the significant global exposure to such an attack indicates a potentially widespread impact of compromise.
Organizations looking to ensure the security of their SSH clients or servers could leverage the vulnerability scanner provided by the Ruhr University Bochum research team.
Novel Terrapin attack could impact millions of SSH servers