CYBER NEWS

Shellshock Attacks Increase Fast

Companies cannot manage to patch up their processes in the wake of Bash vulnerability. Security experts have issued two warnings regarding new malicious attacks associated with Shellshock, as they observe a rapidly growing number of cybercriminals who take advantage of the Bash flaw in UNIX and Linux systems.shellshock-attacks-increase-fast
The first warning was released by Akami and concerned a hacker group building a botnet by using systems exposed to the Shellshock vulnerability. The second one came from Trend Micro and reported about an attack on SMTP servers.
Also, a report by researchers with SERT (Solutionary Security Engineering Research Team) points out that hackers are changing their methods in an astonishingly quick manner, so they could leverage Shellshock. The experts estimated that 67% of the traffic captured with Shellshock signatures was associated to already established bad sources. This could only mean one thing – hackers are adapting fast and are already altering their strategies to include the Shellshock flaw in their attacks.

Things are getting out of control as cyber-crooks are adjusting way faster than security companies can react. The attacks are increasing, and a large part of the early activity is coming from authors of DDoS botnets. Hackers use the Bash flaw as a way to enlarge their botnets.

According to the Akami’s report the majority of the Shellshock-using botnets under observation are controlled by IRC. The same technique is being used in the attack described by Trend Micro. Their research team revealed that the crooks rely on a scam email to distribute the malicious code inserted in the From, Subject, To, and CC fields that exploits vulnerable SMTP servers, so an IRC bot can be installed. As the targeted server receives the corrupted message, the embedded payload gets executed, the IRC bot is downloaded, and connection to the controlling IRC server is established.

Experts with Trend Micro recommend IT administrators to block all related IPs and domains related to this attack.The attacks are constantly increasing, and organizations are urged to patch their systems for Shellshock. It is rather disturbing how easily the flaw can be exploited, which means that vulnerable systems can become a part of the botnets almost effortlessly.

Avatar

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...