Nearly two months after its announcement, the Shellshock flaw in Bash has become immensely popular. Over 630 000 incidents have been detected from more than 15 000 IP addresses worldwide in only a two-week-period. This marks a distinct increase in the attacks compared to the early stage of the disclosure.
The Frequency of the Attacks
Incapsula’s statistics show that at the very beginning 1,970 attacks per hour were detected. A month later the rate isn’t getting much lower – over 1,870 have been carried out. What’s different is the amount of IP addresses that deploy them – they have increased by 1,600%. This only comes to show that the hackers are constantly scanning the Web in order to find more and more vulnerable systems which they can deploy in their malicious campaigns.
It would be logical to presume that most of the vulnerable computers have already been patched, but, unfortunately, not all systems are regularly taken care of. What’s quite disturbing is the fact that the first patch for Shellshock did not fully mitigate the flaw, which left a large number of machines at a risk.
Hackers Can Exploit Any System
Shellshock is still a very dangerous flaw that can damage unprotected devices, and expose other machines to risk as a part of DDoS botnet attacks. It doesn’t matter if the computer is old or new; as soon as it is connected to the Internet it can be exploited by cybercrooks. The attacks in which the Shellshock bug is leveraged can have many goals; in many cases it is used to add a machine to a botnet, which can then launch a DDoS attack or spread various malware. Mostly targeted are servers, because fewer resources are needed for the attack, and malware is delivered to its customers.
NAS devices are also targeted because of the files stored on them. The Shellshock vulnerability could be exploited in order to inject ransomware in the compromised device, and the hackers could demand a certain fee in exchange for the decryption key.