Shellshock’s direct penalties could not have been as catastrophic as different high-profile breaches and cyber assaults, the report authors admit, however it’s a persistent drawback. For instance, in 2019, Talos found a world state-sponsored espionage marketing campaign referred to as “Sea Turtle” that manipulated DNS data to realize entry to delicate techniques. The adversary relied on a number of vulnerabilities, together with Shellshock, to realize preliminary entry.
“Whereas different confirmed public examples of state-sponsored cyber actors concentrating on Shellshock are restricted, it’s very doubtless that different superior actors have tried to use Shellshock.” says the report. Many well-known adversaries just like the Russian state-sponsored group APT28 and North Korean state-sponsored Lazarus Group exploit essential vulnerabilities in broadly used software program, making Shellshock a probable software of their broader espionage and assault campaigns, say the authors.
Mitigating the threats
Within the report, Talos supplied its prime 10 ideas for securing community gadgets. It recommends:
Arabic
Chinese (Simplified)
Dutch
English
French
German
Italian
Japanese
Korean
Latin
Portuguese
Russian
Spanish