Shellshock Bug Back And Stronger Than Ever

The Shellshock security flaw simply won’t go away, with a recent surge in attacks using the exploit identified by IBM Managed Security Services.

Although the flaw was discovered two years ago, Big Blue’s cyber security division has data that suggests the threat of Shellshock is still prevalent, with 7,500 Shellshock security events recorded for August alone.

IBM’s data noted a 26 percent rise in Shellshock activity this year compared with 2015, with attacks being targeted at US companies.

These companies predominately included firms in the information and communications sectors, such as telecoms companies and those that provide computer programming and consulting services. IBM said that was to be expected as many of the major organisations in the sector run Linux-based systems in their IT infrastructure and environments, which exposed them to the Shellshock flaw.

Shellshock lives

IBM highlighted that according to its data, Shellshock has had a far larger impact than the Heartbleed bug identified in the OpenSSL cryptography library back in April 2014.

“Although a formidable threat when it first surfaced — IBM MSS data revealed over 1.8 million Heartbleed-based attacks by the end of the first month — Heartbleed failed to exhibit the same staying power as its system-crippling cousin, Shellshock,” said Michelle Alvarez, threat researcher at IBM Managed Security Services.

The persistence of Shellshock, according to Alvarez, is down to companies not applying rigorous patching programmes to squash the bug, which leaves them vulnerable to the exploit and hackers seeking a backdoor into a targeted company’s data.

“Like stains, some cyber threats are persistently visible, and Shellshock seems bent on sticking around,” said Alvarez.

“So how do you address this issue? Apply the appropriate update for your system. Failure to apply patches and fixes leaves your organisation at risk of Shellshock attacks. Timely patch management is vital in organisations of any size. However, depending on the complexity of your environment, this is easier said than done.”

Other companies, like Ikea, stand as good examples to follow when it comes to addressing major bugs, as the Swedish furniture giant methodically upgraded all of its servers to patch against Shellshock.


Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.
