Shellshock to the system
Organisations must take action now on the Bash vulnerability, warns Ross Brewer
The recently identified Bash or Shellshock security vulnerability hit the headlines this week. The flaw allows malicious code extension within the Bash shell to take over an operating system and, in turn, gain access to any data on the machine.
Lots of programs run Bash shell in the background and when that extra code is added to the Bash code, the bug can be triggered. Though it has only just been found, the vulnerability has been around for a long time and so it is likely a vast number of machines and devices will be affected.
Organisations are going to need to act quickly on this one – it looks as though a huge number of connected devices are at risk.
If the flaw is used by hackers, they're going to have a field day going through confidential information and getting their hands on anything, from usernames and passwords to account numbers and personal data.
Clearly the consequences are far reaching and a lot of individuals and enterprises are likely to suffer.
While anti-virus software and firewalls are the basic line of defence for most organisations, they will not be able to stop the attackers getting in this way.
It has therefore never been more important that other controls are put in place that can minimise the damage this weakness could cause. An effective measure would be to implement protective monitoring tools that provide complete visibility into the network.
Not only can this strategy be implemented with relative speed – which really is of the essence – but as these solutions alert on any suspicious activity immediately, organisations are in a far better position to react and contain the threat before it causes any lasting damage.
Cyber attacks against businesses are becoming more frequent and there really is no excuse for not having the proper defences in place to deal with them. It's still unclear whether this flaw can be fixed entirely, as many older devices cannot be patched.
This being the case, organisations must protect themselves as best they can using tools that will allow them to see exactly what is happening on the network in real time. It is already a case of when you get breached, rather than if – and leaving this Bash hole open will make that happen faster.
Ross Brewer is vice president and managing director for international markets at LogRhythm