Shellshock (Bash bug) Vulnerability | DDoS Botnet | Presentation Slideshow - PowerPoint PPT Presentation

Shellshock is a critical vulnerability in GNU Bash systems that allows attackers to infiltrate systems and use them to infect others, launch DDoS attacks, share sensitive data, and run programs. Learn how you can protect your computer and your sensitive information from this severe cybersecurity threat in this short presentation, then download the full threat advisory at:

Slides: 11
Provided by: Akamai


Transcript and Presenter's Notes

Shellshock (Bash Bug) DDoS Botnet
  • Highlights from a State of the Internet Threat Advisory

what is shellshock (bash bug)?
  • Shellshock is a critical vulnerability in GNU
    Bash (Bourne Again Shell)
  • Affects versions 1.03 - 4.3
  • Also called Bash bug
  • Malicious actors exploit the Bash bug
    vulnerability to download and execute payloads on
    victim machines
  • Most Linux-based systems, Mac OS X and Cygwin are
  • Capable of launching DDoS attacks, stealing
    sensitive information and breaching other systems

2 / state of the internet / threat advisory
PLXsert observations about this threat
  • Akamai's infrastructure was tested by a DDoS
    Internet relay chat (IRC) botnet
  • PLXsert recorded the IRC conversation, providing
    analysis of the Shellshock Bash vulnerability and
  • More than 22,000 unique attacking IP addresses
    identified from 10 different countries

Global distribution of the botnet IP addresses
DDoS capabilities
  • Shellshock has several distributed denial of
    service (DDoS) capabilities
  • The Perl scripts placed on the compromised hosts
    exhibit DDoS functions, specifically UDP and TCP
  • The UDP flood function consists of four flood
      • IGMP
      • UDP
      • ICMP
      • TCP (SYN)

a variety of industries have been targeted
  • Online gaming
  • Consumer electronics
  • Online email marketing
  • Travel
  • Online advertising
  • Online media streaming
  • Government
  • Software

how attackers use shellshock (bash bug)
  • Bash (Bourne Again Shell) is the shell, or
    command language interpreter, for
    the GNU operating system
  • Web applications that use the Common Gateway
    Interface (CGI) method to serve dynamic content
    are at risk for the Bash bug
  • Some of the earlier patches failed to address the
    flaw in its entirety, leading to additional
  • On fully patched systems, remote exploitation
    attempts of this type will be unsuccessful

system hardening and vulnerability mitigation
  • Check internal and external web servers for this
    type of application and others that may
    potentially pass input to Bash
  • Update and patch vulnerable hosts as soon as
  • Mobile phones, embedded devices and desktops,
    laptops and servers may be targeted patch these
  • Upgrade to a new version of Bash, replace Bash
    with an alternate shell, limit access, or filter
    inputs to vulnerable services
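
The first hardening step above asks which web applications pass input to Bash. As an added example (not part of the Akamai presentation), this POSIX shell script walks a script directory and reports every file whose shebang interpreter is bash, or an sh that resolves to bash. The function names, sample file names and directory layout are assumptions made for illustration.

```shell
# Added example: list CGI scripts that bash or sh interprets. Sample files are constructed.
# Print the interpreter named on FILE's shebang line (nothing if there is none).
interpreter_of() {
    head -n 1 "$1" 2>/dev/null | tr -d '\000\r' | awk '
        /^#!/ {
            sub(/^#![ \t]*/, "")
            n = split($0, w, /[ \t]+/)
            prog = w[1]
            # For "#!/usr/bin/env bash", skip env options and VAR=value words.
            if (prog == "env" || prog ~ /\/env$/) {
                prog = ""
                for (i = 2; i <= n; i++)
                    if (w[i] !~ /^-/ && w[i] !~ /=/) { prog = w[i]; break }
            }
            print prog
        }'
}

# Classify an interpreter: bash, sh-to-bash (sh resolves to bash), sh, or other.
shell_kind() {
    p=$1
    case $p in */*) ;; *) p=$(command -v "$p" 2>/dev/null) || p= ;; esac
    real=$(readlink -f "$p" 2>/dev/null) || real=
    case ${1##*/}:${real##*/} in
        bash:*) echo bash ;;
        sh:bash) echo sh-to-bash ;;
        sh:*) echo sh ;;
        *) echo other ;;
    esac
}

# Print "KIND<TAB>FILE" for each file under DIR whose interpreter is a shell.
list_shell_cgi() {
    find "$1" -type f | sort | while IFS= read -r f; do
        interp=$(interpreter_of "$f")
        [ -n "$interp" ] || continue
        kind=$(shell_kind "$interp")
        [ "$kind" = other ] || printf '%s\t%s\n' "$kind" "$f"
    done
}

# Write a constructed sample tree into DIR (stand-in for a real cgi-bin).
make_sample() {
    printf '#!/bin/bash\necho ok\n' > "$1/status.cgi"
    printf '#!/usr/bin/env bash\necho ok\n' > "$1/env.cgi"
    printf '#!/usr/bin/perl\nprint 1;\n' > "$1/form.pl"
}

demo=$(mktemp -d) && make_sample "$demo" && list_shell_cgi "$demo"; rm -rf "$demo"
```

Call `list_shell_cgi` on each real script directory. A shebang check does not find programs in other languages that invoke a shell internally, so those still need separate review.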

recommended DDoS mitigation
  • Akamai Web Application Firewall (WAF) protections
    are available to assist customers of Kona Web
    Application Firewall and Kona Site Defender
  • The DDoS UDP and TCP flood can be mitigated with
    ACL rules
  • Akamai customers have options to minimize the
    risk of a breach and to mitigate DDoS attacks
    enabled by this vulnerability

Threat Advisory: Shellshock (Bash Bug) DDoS Botnet toolkit
shellshock (bash bug) threat advisory
  • Download the threat advisory, Shellshock (Bash
    Bug) DDoS Botnet
  • This threat advisory includes:
      • Vulnerable Bash versions
      • Details of the attack on Akamai's infrastructure
      • DDoS building capabilities of binary payloads
      • Types of DDoS attacks
      • IRC conversation from within the DDoS botnet
      • How to mitigate this vulnerability
      • Sources of UNIX and Linux vendor patch
      • DDoS mitigation

  •, brought to you by Akamai,
    serves as the home for content and information
    intended to provide an informed view into online
    connectivity and cybersecurity trends as well as
    related metrics, including Internet connection
    speeds, broadband adoption, mobile usage,
    outages, and cyber-attacks and threats.
  • Visitors to can find
    current and archived versions of Akamai's State
    of the Internet (Connectivity and Security)
    reports, the company's data visualizations, and
    other resources designed to put context around
    the ever-changing Internet landscape.
