The Shellshock security flaw simply won’t go away, with a recent surge in attacks using the exploit identified by IBM Managed Security Services.
Despite being discovered two years ago, Big Blue’s cyber security division has data that suggests the threat of Shellshock is still prevalent, with 7,500 Shellshock security events recorded for August alone.
IBM’s data noted that there has been a 26 percent rise in Shellshock activity this year than in 2015, with attacks being targeted at US companies
These companies predominately included firms in the information and communications sectors, such as telecoms companies and those that provide computer programming and consulting services. IBM said that was to be expected as many of the major organisations in the sector run Linux-based systems in their IT infrastructure and environments, which exposed them to the Shellshock flaw.
“Although a formidable threat when it first surfaced — IBM MSS data revealed over 1.8 million Heartbleed-based attacks by the end of the first month — Heartbleed failed to exhibit the same staying power as its system-crippling cousin, Shellshock,” said Michelle Alvarez, threat researcher at IBM Managed Security Services.
The persistence of Shellshock, according to Alvarez, is down to companies not applying rigorous patching programmes to squash the bug, which leaves them vulnerable to the exploit and hackers seeking a backdoor into a targeted company’s data.
“Like stains, some cyber threats are persistently visible, and Shellshock seems bent on sticking around,” said Alvarez.
“So how do you address this issue? Apply the appropriate update for your system. Failure to apply patches and fixes leaves your organisation at risk of Shellshock attacks. Timely patch management is vital in organisations of any size. However, depending on the complexity of your environment, this is easier said than done.”
Other companies like Ikea, stand as good examples to follow when it comes to addressing major bugs, as the Swedish furniture giant methodically upgraded all of its servers to patch against Shellshock.
Are you an expert on cyber security? Take our quiz to find out!
OpenAI launches AI agent called 'Operator' to automatically fill out forms, make restaurant reservations, book…
Bill passed to give Pakistani government sweeping controls on social media, but critics argue it…
After Meta had warned that India's data sharing ban could collapse WhatsApp's business model, tribunal…
British regulator confirms investigation of Apple and Google's domination of app stores, operating systems, and…
Launch of Samsung's Galaxy S25 Ultra, Galaxy S25+ and Galaxy S25 sees the handsets described…
Microsoft's LinkedIn sued for allegedly using customer data, including private messages, to train AI models…