First Line of Defense: Tremors Still Being Felt: A Year After Shellshock

 
First Line of Defense
 
Your regular source of security updates from TrendLabs
 
September 30, 2015
 
 

Tremors Still Being Felt: A Year After Shellshock



A year ago, security researchers brought to the fore the discovery of a serious vulnerability in the Bash (Bourne Again Shell) command shell. In no time, news of this fatal flaw, found in most versions of the Unix and Linux operating systems and even Mac OS X, gave cybercriminals an entryway for devising attacks that would later threaten over half a billion servers and devices worldwide. As researchers feared, cybercriminals caught on and created threats targeting devices and servers that use the 25-year-old shell.


Trend Micro played its part: just a few hours after the vulnerability was made public, our researchers had already found an exploit in the wild, one sample of which revealed the payload ELF_BASHLITE.A. It not only can grant remote access to an attacker but also allows distributed denial-of-service (DDoS) attacks.

A year later, although the attention it gained has relatively waned, the Shellshock tremors are still being felt and continue to put users and enterprises in the crosshairs of compromise. In our continuing investigation, we have seen more than 70,000 attacks using Shellshock since the second quarter of 2015. In the past 15 days alone, one of our honeypots, which is vulnerable to Shellshock, has recorded 50 attacks.


Threat infections related to Shellshock continue to grow on a global scale. In the numbers seen over the past year, the most affected regions remain the same, and this breadth is cause for concern. Based on data from a two-month period in 2014, the majority of infected machines were found in Asia (34%), Europe (34%), and North America (11%). During a similar period in 2015, we found that Asia remains the region with the most machine infections at 46%, followed by Europe at 23% and North America at 14%. Our experts note that weak patching practices in Asia contribute to this high number.


In "One Year After Shellshock, Are Your Servers and Devices Safer?" we share observations and analyses spanning the year after the Shellshock crisis in 2014. To date, there is no proof of major attacks that exploit Shellshock, but this does not rule out attackers using such a widespread flaw to cause real-world harm.


The discovery of Shellshock has prompted discussions about improved vulnerability disclosure, especially for software involving millions of connected systems. However, discovery is not enough. Unless patched, devices and servers are not safe from impending attacks. This remains a huge problem, especially for most organizations, where not all systems can easily be patched. It highlights the fact that without multilayered security solutions that detect and block exploits of vulnerabilities, devices and servers remain susceptible to compromise.


For a more detailed look at our insights and supporting facts about Shellshock, read the entry "One Year After Shellshock, Are Your Servers and Devices Safer?"


 
 
RELATED NEWS


Security Spotlight
1H TorrentLocker Landscape Shows A Growing Target Base

TorrentLocker is known for social engineering lures specifically crafted for its target users in certain regions. In this paper, we present our findings on the tactics that make this ransomware a prevalent threat.



Security for Home Users
FBI Warns Public on Dangers of the Internet of Things

While there are many benefits in using smart devices and systems, the lack of user awareness can pose risks to the devices, even more so to the physical safety of the users.



Security for Business
Targeted Attacks Hub: What is a Targeted Attack?

We bring you all the latest targeted attack news and stories to keep you abreast of the risks, and provide insight on appropriate mitigation in combating this threat.


© 2015 Trend Micro Incorporated
