The Shellshock security flaw simply won’t go away, with a recent surge in attacks using the exploit identified by IBM Managed Security Services.
Despite being discovered two years ago, Big Blue’s cyber security division has data that suggests the threat of Shellshock is still prevalent, with 7,500 Shellshock security events recorded for August alone.
IBM’s data noted that there has been a 26 percent rise in Shellshock activity this year than in 2015, with attacks being targeted at US companies
These companies predominately included firms in the information and communications sectors, such as telecoms companies and those that provide computer programming and consulting services. IBM said that was to be expected as many of the major organisations in the sector run Linux-based systems in their IT infrastructure and environments, which exposed them to the Shellshock flaw.
“Although a formidable threat when it first surfaced — IBM MSS data revealed over 1.8 million Heartbleed-based attacks by the end of the first month — Heartbleed failed to exhibit the same staying power as its system-crippling cousin, Shellshock,” said Michelle Alvarez, threat researcher at IBM Managed Security Services.
The persistence of Shellshock, according to Alvarez, is down to companies not applying rigorous patching programmes to squash the bug, which leaves them vulnerable to the exploit and hackers seeking a backdoor into a targeted company’s data.
“Like stains, some cyber threats are persistently visible, and Shellshock seems bent on sticking around,” said Alvarez.
“So how do you address this issue? Apply the appropriate update for your system. Failure to apply patches and fixes leaves your organisation at risk of Shellshock attacks. Timely patch management is vital in organisations of any size. However, depending on the complexity of your environment, this is easier said than done.”
Other companies like Ikea, stand as good examples to follow when it comes to addressing major bugs, as the Swedish furniture giant methodically upgraded all of its servers to patch against Shellshock.
Are you an expert on cyber security? Take our quiz to find out!
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…