shellshock (bash bug) vulnerability | ddos botnet | presentation slideshow
akamai.com
Shellshock (Bash Bug) DDoS Botnet: Highlights from a State of the Internet Threat Advisory
= what is shellshock (bash bug)?
• Shellshock is a critical vulnerability in GNU Bash (Bourne Again Shell)
⁄ Affects versions 1.03 - 4.3
• Also called the Bash bug
• Malicious actors exploit the Bash bug vulnerability to download and execute payloads on victim machines
• Most Linux-based systems, Mac OS X and Cygwin are vulnerable
• Exploitation enables attackers to launch DDoS attacks, steal sensitive information and breach other systems
2 / [state of the internet] / threat advisory
= PLXsert observations about this threat
• Akamai’s infrastructure was tested by a DDoS Internet relay chat (IRC) botnet
• PLXsert recorded the IRC conversation, providing analysis of the Shellshock Bash vulnerability and botnet-building
• More than 22,000 unique attacking IP addresses identified from 10 different countries
Figure: Global distribution of the botnet IP addresses
= DDoS capabilities
• Shellshock has several distributed denial of service (DDoS) capabilities
• The Perl scripts placed on the compromised hosts exhibit DDoS functions, specifically UDP and TCP payloads
• The UDP flood function consists of four flood payloads:
⁄ IGMP
⁄ UDP
⁄ ICMP
⁄ TCP (SYN)
= a variety of industries have been targeted
• Online gaming
• Consumer electronics
• Online email marketing
• Travel
• Online advertising
• Online media streaming
• Government
• Software
= how attackers use shellshock (bash bug)
• Bash (Bourne Again Shell) is the shell, or command language interpreter, for the GNU operating system
• Web applications that use the Common Gateway Interface (CGI) method to serve dynamic content are at risk from the Bash bug
• Some of the earlier patches failed to address the flaw in its entirety, leading to additional patches
• On fully patched hosts, remote exploitation attempts of this type will be unsuccessful
= system hardening and vulnerability mitigation
• Check internal and external web servers for this type of application (CGI) and for others that may pass input to Bash
• Update and patch vulnerable hosts as soon as possible
• Mobile phones, embedded devices, desktops, laptops and servers may be targeted; patch these devices
• Upgrade to a new version of Bash, replace Bash with an alternate shell, limit access to vulnerable services, or filter their inputs
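The two slides above identify CGI applications that pass request data into Bash as the exposure and ask defenders to check their web servers for them. The following Python script is an added example, not code from the advisory or from Akamai: it scans Apache combined-format access log lines for header values that begin with the Bash function-definition prefix `() {` (the header a CGI server would export as HTTP_USER_AGENT or HTTP_REFERER) and lists the source addresses for review or ACL blocking. The log lines, addresses and timestamps are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List

# Apache "combined" log format: ip ident user [ts] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Bash imports a function only from an environment variable whose value begins
# with "() {"; a CGI server exports request headers as HTTP_* variables, so a
# header value starting this way is the Shellshock signature. The pattern also
# accepts extra whitespace before the brace so spacing variants are not missed.
SHELLSHOCK_RE = re.compile(r"^\(\)\s*\{")

# Log fields that a CGI server copies into the environment (field -> CGI variable).
HEADER_FIELDS = {"ua": "HTTP_USER_AGENT", "referer": "HTTP_REFERER"}

@dataclass
class Hit:
    ip: str
    timestamp: str
    env_var: str   # CGI environment variable the header value would land in
    value: str

def scan_log(text: str) -> List[Hit]:
    """Return one Hit per header value carrying the Shellshock prefix."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a production pipeline should count these
        for field, env_var in HEADER_FIELDS.items():
            if SHELLSHOCK_RE.match(m.group(field)):
                hits.append(Hit(m.group("ip"), m.group("ts"), env_var, m.group(field)))
    return hits

def attacking_ips(hits: List[Hit]) -> List[str]:
    """Distinct source addresses, e.g. to feed an ACL or WAF block list."""
    return sorted({h.ip for h in hits})

# Constructed sample lines (documentation-range addresses, not real traffic).
# Line 4 contains "() {" mid-string only, which Bash would not import, so it must not match.
SAMPLE_LOG = """\
203.0.113.5 - - [25/Sep/2014:10:02:11 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Sep/2014:10:02:15 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; echo probe"
198.51.100.7 - - [25/Sep/2014:10:02:16 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "() { :;}; echo probe" "curl/7.37"
203.0.113.9 - - [25/Sep/2014:10:02:20 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 () {not a function}"
"""
```

Running `scan_log(SAMPLE_LOG)` reports two hits, both from 198.51.100.7, one via the User-Agent header and one via Referer; `attacking_ips` collapses them to a single address.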
= recommended DDoS mitigation
• Akamai Web Application Firewall (WAF) protections are available to assist customers of Kona Web Application Firewall and Kona Site Defender services
• The DDoS UDP and TCP floods can be mitigated with ACL rules
• Akamai customers have options to minimize the risk of a breach and to mitigate DDoS attacks enabled by this vulnerability
= shellshock (bash bug) threat advisory
Threat Advisory: Shellshock (Bash Bug) DDoS Botnet toolkit
• Download the threat advisory, Shellshock (Bash Bug) DDoS Botnet
• This threat advisory includes:
⁄ Vulnerable Bash versions
⁄ Details of the attack on Akamai’s infrastructure
⁄ DDoS building capabilities of binary payloads
⁄ Types of DDoS attacks
⁄ IRC conversation from within the DDoS botnet
⁄ How to mitigate this vulnerability
⁄ Sources of UNIX and Linux vendor patch information
⁄ DDoS mitigation
= about stateoftheinternet.com
• StateoftheInternet.com, brought to you by Akamai, serves as the home for content and information intended to provide an informed view into online connectivity and cybersecurity trends as well as related metrics, including Internet connection speeds, broadband adoption, mobile usage, outages, and cyber-attacks and threats.
• Visitors to www.stateoftheinternet.com can find current and archived versions of Akamai’s State of the Internet (Connectivity and Security) reports, the company’s data visualizations, and other resources designed to put context around the ever-changing Internet landscape.