IT Brief New Zealand - Technology news for CIOs & IT decision-makers
First we had heartbleed, now we're shellshocked
Wed, 1st Oct 2014

Security companies are continuing to warn businesses to ensure they have patches in place across all vulnerable systems, following the discovery of yet another security bug, this time dubbed Shellshock.

The vulnerability was discovered last week and affects systems running several versions of Linux and Unix operating systems, including Mac OS X, and some routers and internet of things devices.

As Shellshock is related to Linux, it can affect both PC and Apple platforms.

Trend Micro says the vulnerability – also known as the Bash Bug because it is a bug in the Unix Bash shell – is a ‘potentially plague-like’ vulnerability that can exploit command access to Linux-based systems constituting around 51% of web servers worldwide.

“Because of the pervasiveness, attacks against it could grow at a very fast pace.

“The recent Heartbleed vulnerability is similar in nature to Shellshock, but Heartbleed is dwarfed by the extent and reach of this new vulnerability.”

Reports quickly emerged of Shellshock-related attacks internationally, with attacks leveraging the Bash bug vulnerability ranging from botnet attacks to IRC bots.

Trend Micro’s Geoff Prentis says there hasn't been much nefarious scanning for vulnerable systems across Australia and New Zealand, and little disclosure as yet of any malicious attacks.

However, he warns companies still need to be wary and ensure patching across all Internet-facing servers.

Website operators are also warned to patch ASAP if Bash is in the script, or rescript away from Bash.

Prentis says there is ‘huge exposure’ for cloud, however he says ‘a lot’ of cloud providers moved ‘extremely quickly’ to protect themselves from the exploit.

He says it is key for any systems in the cloud to make sure they have protection such as an Intrusion Prevention System running inside their cloud environment, and that patches are quickly updated.

Because patching takes time, he suggests network forensics also be put to use.

Symantec said last week that the vulnerability could allow attackers to not only gain control over a targeted computer if exploited successfully, but could also provide them with access to other computers on the affected network.

Patches have been steadily released since the discovery of the vulnerability, with Apple today releasing a patch for OS X 10.9 Mavericks, OS X 10.8 Mountain Lion and OS X 10.9 Lion.

While other organisations such as Google and Amazon were quick to issue statements about steps they had taken to address the vulnerability, Apple initially downplayed the risk to consumers, saying OS X systems ‘are safe by default’ and not exposed to remote exploits of Bash unless users configure advanced Unix services.

Prentis says the threat is a ‘mixed bag’.

“In the consumer space, exposure is not so large because consumers are less likely to be running web servers or the Linux platform.

“However, in the enterprise space, organisations need to go through a process of incident response.”