Newly Discovered Vulnerability Potentially Worse than Heartbleed
A new cyber vulnerability discovered this week, known as the Bash or Shellshock bug, could cause major problems for digital companies and the expanding Internet of Things. The security flaw, which has been around for 25 years but was only formally identified yesterday, allows remote execution of malicious code through the bash shell, enabling cybercriminals to take control of an operating system and gain access to sensitive data. So far the flaw has been found to affect Unix- and Linux-based systems, as well as Mac OS X.
Security researchers have analyzed the exploit and found that it contains multiple functions, including the ability to connect to a distributed denial-of-service IRC bot. According to ZDNet contributor Liam Tung, it also includes a feature that attempts to supply login information from a list of weak passwords, including root, user and 123456, on vulnerable servers.
In an interview with CNET, Tod Beardsley, engineering manager for security firm Rapid7, warned people not to be fooled by the exploit’s low level of complexity, as it can affect a wide range of devices.
“This vulnerability is potentially a very big deal,” said Beardsley. “It’s rated a 10 for severity, meaning it has maximum impact, and ‘low’ for complexity of exploitation — meaning it’s pretty easy for attackers to use it. The affected software, Bash, is widely used so attackers can use this vulnerability to remotely execute a huge variety of devices and Web servers… Anybody with systems using bash needs to deploy the patch immediately.”
Cybercriminals already using Bash
While the possibility of exploitation was just identified yesterday, attackers have begun looking for ways to leverage the flaw, as researchers have already seen instances of the Bash bug in the wild. According to security expert Robert Graham, the bug’s ability to interact with other software in unexpected ways and the enormous amount of software that comes in contact with the bash shell mean that this flaw could potentially be more damaging than Heartbleed. During analysis of the vulnerability, Graham found at least 3,000 systems that could be targeted through the Bash bug.
“Consequently, even though my light scan found only 3,000 results, this thing is clearly wormable, and can easily worm past firewalls and infect lots of systems,” said Graham. “One key question is whether Mac OS X and iPhone DHCP service is vulnerable — once the worm gets behind a firewall and runs a hostile DHCP server, that would ‘game over’ for large networks.”
When common methods of malware protection fail to protect systems, enterprises should consider the use of security information and event management services. Concierge SIEM services monitor network activity at all times in order to identify any nefarious or anomalous behavior. Recorded activity is then analyzed so companies can use it to create a more effective cyber defense strategy.