Shellshock (Bash bug) Vulnerability | DDoS Botnet | Presentation Slideshow - PowerPoint PPT Presentation

View by Category
About This Presentation
Title:

Shellshock (Bash bug) Vulnerability | DDoS Botnet | Presentation Slideshow

Description:

| Shellshock is a critical vulnerability in GNU Bash systems that allows attackers to infiltrate systems and using them to infect others, launch DDoS attacks, share sensitive data, and run programs. Learn how you can protect your computer and your sensitive information from this severe cybersecurity threat in this short presentation, then download the full threat advisory at:  – PowerPoint PPT presentation

Number of Views:194
Slides: 11
Provided by: AkamaiAkamai
Category: Other

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Shellshock (Bash bug) Vulnerability | DDoS Botnet | Presentation Slideshow


1
Shellshock (Bash Bug) DDoS Botnet
  • Highlights from a State of the
  • Internet Threat Advisory

2
what is shellshock (bash bug)?
  • Shellshock is a critical vulnerability in GNU
    Bash (Bourne Again Shell)
  • Affects versions 1.03 - 4.3
  • Also called Bash bug
  • Malicious actors exploit the Bash bug
    vulnerability to download and execute payloads on
    victim machines
  • Most Linux-based systems, Mac OS X and Cygwin are
    vulnerable
  • Capable of launching DDoS attacks, stealing
    sensitive information and breaching other systems

2 / state of the internet / threat advisory
3
PLXsert observations about this threat
  • Akamais infrastructure was tested by a DDoS
    Internet relay chat (IRC) botnet
  • PLXsert recorded the IRC conversation, providing
    analysis of the Shellshock Bash vulnerability and
    botnet-building
  • More than 22,000 unique attacking IP addresses
    identified from 10 different countries

Global distribution of the botnet IP addresses
3 / state of the internet / threat advisory
4
DDoS capabilities
  • Shellshock has several distributed denial of
    service (DDoS) capabilities
  • The Perl scripts placed on the compromised hosts
    exhibit DDoS functions, specifically UDP and TCP
    payloads
  • The UDP flood function consists of four flood
    payloads
  • IGMP
  • UDP
  • ICMP
  • TCP (SYN)

4 / state of the internet / threat advisory
5
a variety of industries have been targeted
  • Online gaming
  • Consumer electronics
  • Online email marketing
  • Travel
  • Online advertising
  • Online media streaming
  • Government
  • Software

5 / state of the internet / threat advisory
6
how attackers use shellshock (bash bug)
  • Bash (Bourne Again Shell) is the shell, or
    command language interpreter, for
    the GNU operating system
  • Web applications that use the Common Gateway
    Interface (CGI) method to serve dynamic content
    are at risk for the Bash bug
  • Some of the earlier patches failed to address the
    flaw in its entirety, leading to additional
    patches
  • Fully patched, remote exploitation attempts of
    this type will be unsuccessful

6 / state of the internet / threat advisory
7
system hardening and vulnerability mitigation
  • Check internal and external web servers for this
    type of application and others that may
    potentially pass input to Bash
  • Update and patch vulnerable hosts as soon as
    possible
  • Mobile phones, embedded devices and desktops,
    laptops and servers may be targeted patch these
    devices
  • Upgrade to new version of Bash, replacing Bash
    with an alternate shell, limit access or filter
    inputs to vulnerable services

7 / state of the internet / threat advisory
8
recommended DDoS mitigation
  • Akamai Web Application Firewall (WAF) protections
    are available to assist customers of Kona Web
    Application Firewall and Kona Site Defender
    services
  • The DDoS UDP and TCP flood can be mitigated with
    ACL rules
  • Akamai customers have options to minimize the
    risk of a breach and to mitigate DDoS attacks
    enabled by this vulnerability

8 / state of the internet / threat advisory
9
Threat Advisory Shellshock (Bash Bug) DDoS
Botnet toolkit
shellshock (bash bug) threat advisory
  • Download the threat advisory, Shellshock (Bash
    Bug) DDoS Botnet
  • This threat advisory includes
  • Vulnerable Bash versions
  • Details of the attack on Akamais infrastructure
  • DDoS building capabilities of binary payloads
  • Types of DDoS attacks
  • IRC conversation from within the DDoS botnet
  • How to mitigate this vulnerability
  • Sources of UNIX and Linux vendor patch
    information
  • DDoS mitigation

9 / state of the internet / threat advisory
10
about stateoftheinternet.com
  • StateoftheInternet.com, brought to you by Akamai,
    serves as the home for content and information
    intended to provide an informed view into online
    connectivity and cybersecurity trends as well as
    related metrics, including Internet connection
    speeds, broadband adoption, mobile usage,
    outages, and cyber-attacks and threats.
  • Visitors to www.stateoftheinternet.com can find
    current and archived versions of Akamais State
    of the Internet (Connectivity and Security)
    reports, the companys data visualizations, and
    other resources designed to put context around
    the ever-changing Internet landscape.

10 / state of the internet / threat advisory
About PowerShow.com