
Battling against the Shellshock bug

Zafirah Salim | Oct. 14, 2014
Organisations need to harden UNIX servers and monitor privileged account behaviours, said CyberArk.

The Shellshock bug is the newest cyber threat to hit the internet, and is said to be a more serious vulnerability than Heartbleed.

Shellshock has been lurking in the massively popular software package Bash, a command-line interpreter, or shell, that provides a powerful, flexible way to run commands on a computer. A highly stealthy vulnerability, Shellshock has gone undetected in Bash for more than two decades.

Bash is a standard, freely available tool for UNIX-based operating systems and Apple's OS X. One of the largest industries to rely on UNIX-based systems is the energy sector, whose SCADA and industrial control systems are largely built on this technology. Additionally, Bash is widely used on simple Internet-connected devices; this means that besides servers, anything relating to the Internet of Things, such as home routers and IP cameras, can be compromised.

Since Shellshock targets UNIX-based machines, information security company CyberArk recommends that organisations harden their servers. This can be done by implementing a 'least privilege' strategy and preventing unrestricted root shell access. Organisations need to remove unnecessary root privileges and tightly control or restrict shell capabilities where they are still needed, so that only authorised commands can be run, rather than those injected by an attack such as Shellshock.
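Before relying on shell restrictions, a practitioner will want to confirm that the Bash binary itself no longer exhibits the Shellshock behaviour: pre-fix Bash imported function definitions from environment variables and executed any command that followed the function body. The script below is an added example, not code from the article or from CyberArk; the variable name and marker text are constructed, and the probe only echoes a marker inside the local process.

```shell
#!/bin/sh
# Added example (not from the article): report whether the local Bash still
# imports shell functions from environment variables and runs the command that
# follows the function body (the Shellshock behaviour). The variable name
# "probe" and the marker text are constructed for this check.

SHELLSHOCK_MARKER="shellshock_marker_$$"

# Prints "vulnerable", "patched" or "absent" (no bash binary on PATH).
# The probe value only echoes a marker inside this process; nothing leaves the host.
bash_imports_env_functions() {
    if ! command -v bash >/dev/null 2>&1; then
        echo absent
        return 0
    fi
    # A patched Bash treats the whole value as a plain string; a vulnerable one
    # defines the function at startup and then executes the trailing echo.
    out=$(env "probe=() { :;}; echo $SHELLSHOCK_MARKER" bash -c 'true' 2>/dev/null)
    case "$out" in
        *"$SHELLSHOCK_MARKER"*) echo vulnerable ;;
        *) echo patched ;;
    esac
}

# One report line a configuration or build check could emit for this host.
shellshock_report() {
    status=$(bash_imports_env_functions)
    case "$status" in
        vulnerable) echo "FAIL: bash executes trailing commands from environment function definitions"; return 1 ;;
        patched)    echo "OK: bash ignores trailing commands in environment function definitions"; return 0 ;;
        absent)     echo "SKIP: no bash binary found on PATH"; return 0 ;;
    esac
}

shellshock_report
```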

"Shellshock allows attackers to execute code remotely, leaving organisations susceptible to unauthorised processes or commands on target machines. Zero-day vulnerabilities like this are ideal entry points for a classic advanced persistent threat," said Dan Dinnar, Vice President for Asia Pacific at CyberArk.

"Once an attacker exploits a zero-day to bypass security defences, they look for ways to jump beyond the reach of the zero-day and that is almost always by exploiting privileged accounts. Organisations need to focus on securing and monitoring activity for these accounts to limit the scope and damage of a breach by cutting off an attacker's ability to move laterally from an affected machine to others in the network," he added.
