Information Security News mailing list archives

Shellshock DDoS Attacks Spike


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 30 Sep 2014 11:57:23 +0000 (UTC)

http://www.bankinfosecurity.com/shellshock-ddos-attacks-spike-a-7365

By Mathew J. Schwartz
Bank Info Security
September 29, 2014

Distributed-denial-of-service attacks that target the Bash flaws known as Shellshock have spiked in recent days.

"We're seeing north of 1.5 million #shellshock attacks across the @CloudFlare network daily," says Matthew Prince, CEO of the content delivery network and DDoS defense firm CloudFlare. Prince says that count is determined by the company's Web application firewall detecting attempted attacks that use the Shellshock flaw.

Shellshock-targeting DDoS attacks and IRC bots were spotted less than 24 hours after news about the Bash bug went public last week. Since then, security software vendor Trend Micro says it's also seen Shellshock-related IP address probes directed against unnamed institutions in Brazil, as well as at least one financial services firm in China. "Attackers were trying to see if several IPs owned by the institution were vulnerable to a Shellshock vulnerability, specifically CVE-2014-6271. Further analysis revealed that three of the tested IPs were possibly vulnerable, as the attackers tried to use the command ... 'uname' [to display] system information, including the OS platform, the machine type, and the processor information."

To date, however, the security software vendor hasn't seen the exploit being used to deliver malware payloads. "At first glance, retrieving system information might seem harmless," Trend Micro says. But this reconnaissance "could possibly be a sign of preparation for ... more damaging attacks."

[...]


