Within four days of the first public reports of a major flaw in OpenSSL's software for securing communications on the Internet, mass attacks searched for and targeted vulnerable servers.
In a report released this week, IBM found that while the attacks have died down, approximately half of the original 500,000 potentially vulnerable servers remain unpatched, leaving businesses at continuing risk from the Heartbleed flaw. On average, the company currently sees 7,000 daily attacks against its customers, down from a high of 300,000 attacks in a single 24-hour period in April, according to the report, which is based on data from the company's Managed Security Services division.
"Despite the initial rush to patch systems, approximately 50 percent of potentially vulnerable servers have been left unpatched—making Heartbleed an ongoing, critical threat," the report stated.