SHELLSHOCK – The Sleeper Amongst Us

By Martin Quinn (Principal Consultant) 30 September 2014

There has been an amazing amount of media coverage in the past week regarding Shellshock or the Bash (Bourne Again Shell) vulnerability, (if you haven’t heard about it you must be hiding under a rock). However, Shellshock is not new, it’s a bug that’s been around for over 20 years – a true sleeper amongst us.

Shellshock is a vulnerability found in the Bash shell, a common user interface that uses a command-line interface to access an operating system’s services in Linux, Unix, BSD and Mac OS X. The Bash command interpreter lets users execute commands on a computer, and it is this ability that the vulnerability targets, allowing attackers to run malicious scripts in systems and servers – i.e. game over. Shellshock is the real deal – the US National Vulnerability Database has assigned Shellshock a 10/10 severity rating, due to is widespread use it has the potential to do significant and widespread damage.
The Shellshock vulnerability, when exploited, serves as a backdoor for a hacker to carry out commands, take over a machine, dig into servers, steal data and deface websites. Most computers and Internet-enabled home devices such as routers, Wi-Fi radios, and even smart light bulbs running on Linux OS are most likely affected.
CCTV cams for example, are often Linux-based and these devices can also be hacked and used as infection vectors.
Just several hours after the news on the bash vulnerability (covered under CVE-2014-7169) broke out; it was reportedly being exploited in the wild already. Some of the possible scenarios that attackers can do range from changing the contents of web server and website code, to defacing the website, and even stealing user data from databases among others.

Malware protection vendors have been quick on the uptake to address the issue and have already detected malware such as ELF_BASHLITE.A which is capable of launching distributed denial-of-service (DDoS) attacks and to do brute force login, enabling attackers to possibly get the list of login usernames and passwords.

It was also reported that Shellshock may affect Bitcoin/Bitcoin mining, meaning attackers may possibly/potentially create armies of bots to perform these tasks.

What can you do?

Update firmware and operating systems, and install security updates. Use Shellshock detection tools or plug-ins to scan likely vulnerabilities and exploits. For system admins, patch your systems immediately and closely track your network activity.

If you or your business believe you have fallen victim to an attack, contact Intact Security today, we can assist; in the incident triage; identifying how you were breached; and reducing the risk of this ever happening again.

Intact Security offers a 1-hour free consultation. Please contact Intact Security today to book your consultationon on (02) 8070 0083.

Relax. Your security is Intact.

Author: Intact Security
Google

Posted on by Martin Quinn in Security Blog