The Shellshock security flaw simply won’t go away, with a recent surge in attacks using the exploit identified by IBM Managed Security Services.
Despite being discovered two years ago, Big Blue’s cyber security division has data that suggests the threat of Shellshock is still prevalent, with 7,500 Shellshock security events recorded for August alone.
IBM’s data noted that there has been a 26 percent rise in Shellshock activity this year than in 2015, with attacks being targeted at US companies
These companies predominately included firms in the information and communications sectors, such as telecoms companies and those that provide computer programming and consulting services. IBM said that was to be expected as many of the major organisations in the sector run Linux-based systems in their IT infrastructure and environments, which exposed them to the Shellshock flaw.
“Although a formidable threat when it first surfaced — IBM MSS data revealed over 1.8 million Heartbleed-based attacks by the end of the first month — Heartbleed failed to exhibit the same staying power as its system-crippling cousin, Shellshock,” said Michelle Alvarez, threat researcher at IBM Managed Security Services.
The persistence of Shellshock, according to Alvarez, is down to companies not applying rigorous patching programmes to squash the bug, which leaves them vulnerable to the exploit and hackers seeking a backdoor into a targeted company’s data.
“Like stains, some cyber threats are persistently visible, and Shellshock seems bent on sticking around,” said Alvarez.
“So how do you address this issue? Apply the appropriate update for your system. Failure to apply patches and fixes leaves your organisation at risk of Shellshock attacks. Timely patch management is vital in organisations of any size. However, depending on the complexity of your environment, this is easier said than done.”
Other companies like Ikea, stand as good examples to follow when it comes to addressing major bugs, as the Swedish furniture giant methodically upgraded all of its servers to patch against Shellshock.
Are you an expert on cyber security? Take our quiz to find out!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…