Learning from ShellShock
Research and Intelligence Report - IBM MSS Threat Research Group
IBM has published an intelligence report detailing its experience and insight following the reporting of a long-standing vulnerability in the GNU Bash shell (widely used on Linux, Solaris and Mac OS systems).
This disclosure sparked a wave of attacks known as "Shellshock", beginning in late September 2014. The report is IBM's analysis of the Shellshock bug and how it was used.
This first vulnerability soon gave way to the disclosure of several additional vulnerabilities affecting the UNIX shell within a short period of time. A breakdown of these vulnerabilities is provided in the "Situation/What Happened" section below.
Now, a few weeks removed from the initial developments, IBM takes a deeper look at the Shellshock data gleaned from its worldwide network of sensors to identify vectors and origins of attack, targeted industries, and any other significant findings.
Noteworthy observations include: the speed at which the vulnerability was exploited following disclosure, the number of vectors used to carry out the attacks (with a focus on the top five), and the similarities between this threat and the Heartbleed attacks.
Additionally, IBM found surprises in the lists of top ten attacking and attacked countries, including Iceland making the top ten attacking countries list for the first time and Japan sustaining the highest number of attacks from the largest number of countries.
The speed and frequency of Shellshock attacks signal a clear warning to IS teams, and to businesses more generally, that not only must we all be much more aware of the risks and vulnerabilities, but there has to be a capability to react to and mitigate them extremely quickly.