Shellshock In-Depth: Why This Old Vulnerability Won’t Go Away


Shellshock is a bug in the Bash command-line shell that has existed for 30 years and was discovered as a significant threat in 2014. Today, Shellshock remains a threat to enterprises.


The threat is certainly less risky than in the year of discovery. However, in a year in which security priorities have recalibrated to keep up with the chaotic landscape, it’s a good time to look back at this threat and the underlying factors that keep these attacks alive today. 


Why is Shellshock Relevant in 2020?


Shellshock is a critical vulnerability due to the escalated privileges afforded to attackers, which allow them to compromise systems at will. Although the Shellshock vulnerability, CVE-2014-6271, was discovered in 2014, it is still known to exist on a large number of servers worldwide. The vulnerability was updated (CVE-2014-7169) soon after and has been modified up until 2018.


The main reason Shellshock is still in use is no shocker. This vulnerability makes for a simple and inexpensive attack that bad actors can deploy against an unknowing target. Patches have been available since the CVE entry, but any organization without proper patch management systems in place may still be vulnerable.


Shellshock was still prominent in 2017. When all attackers need is some basic programming skills, a server and access to malware, it’s not surprising. Plus, the cost to carry out an attack isn’t much more than a few dollars per month. The math is in the attackers’ favor. Minimal knowledge, little effort and low cost equals one e ..
