Learning from ShellShock
Research and Intelligence Report- IBM MSS Threat Research Group
IBM has published an intelligence report detailing their experience and insight following the reporting of a long standing vulnerability in the GNU Bash shell (widely used on Linux, Solaris and Mac OS systems).
This sparked the mobilization of attacks known as “shellshock” beginning in late September 2014. This is the IBM Analysis of the Shellshock Bug and how it was used.
This first vulnerability soon gave way to the disclosure of several additional vulnerabilities affecting the UNIX Shell within a short period of time. A break-down of these vulnerabilities is provided in the “Situation/What Happened” section below.
Now, a few weeks removed from the initial developments, IBM take a deeper look at the shellshock data gleaned from our worldwide network of sensors to identify vectors and origins of attack, targeted industries, and any other significant findings.
Noteworthy observations include: the speed at which the vulnerability was exploited following disclosure, the number of vectors used to carry out the attacks (with a focus on the top five), and the similarities between this threat and the Heartbleed attacks.
Additionally, IBM found surprises in the top ten attacking and attacked countries lists including Iceland making the top ten attacking countries list for the first time and Japan sustaining the highest number of attacks from the most number of countries.
The speed and frequency of shellshock attacks signals a clear warning to IS teams and business more generally that not only must we all be much more aware of the risks and vulnerabilities, but there has to be capability to react and mitigate them extremely quickly.
You can download this revealing report by clicking on the image below.
You might also like ...
Francis Maude (Minister for the Cabinet Office) has held a meeting, hosted by Marsh Ltd, for CEOs from the insurance sector.
The aim of the discussions was to develop a collaborative approach between the insurance sector and the government to reduce the cyber risk dangers faced in the online business marketplace. The rationale behind this was that insurers and insurance brokers can help promote the adoption of good practice, including Cyber Essentials that reduce the frequency and cost of breaches.