AfterShock. BASH vulnerability in the wild

As the fallout of last weeks so called ShellShock vulnerability continues, which enables commands to be run on systems via a bug in the BASH (or born again, or needs to be born again) shell, attacks are being seen in-the-wild.

We figure that most Apache web servers will either not require patching or will now be patched, which leaves laptop and desktop Apple computers and embedded systems such as SAN controllers vulnerable.

It seems that every patch that is released is either incomplete or reveals yet another issue with BASH. Apple’s patch of 30/09/14 is regarded as incomplete and new BASH exploits appear to be emerging like flying ants on the nuptial flight.

Whilst the exploitation of Mac systems is a worry, the patch window of embedded systems appears to be the target of in-the-wild exploits. To be specific, it appears that hackers are actively targeting embedded devices that run Linux as an OS (and are likely un-patched or for that manner managed at all).

Reports from Japan and Korea have identified valid attacks on Network Attached Storage (NAS devices). Whilst the motives or perpetrators of the attacks are currently unknown, we think that this type of attack and exploit against embedded, poorly managed devices will become rampant over the next few months.

ITC has a number of tools available to identify vulnerable systems (which perhaps you didn’t even know you had), to identify ShellShock activity, to block the attack and remediate the risks.

We would welcome the opportunity to discus shells and shocks with you, shoon. Please contact us on: 020 7157 3900 or email [email protected]