Skip to main content

Shellshock: The worst is yet to come

It's now just over a week since news of the Shellshock bug broke and analysts are still trying to work out just how much of an impact it could have.

Security specialist Incapsula has been tracking the vulnerability to get an idea of its magnitude, looking at the number of sites attacked and the damage caused.

The company says it has so far stopped 310,928 exploit attempts, an average of over 1,800 per hour. A spike in attacks over 27/28 September it says was partly down to attackers moving quickly and partly to businesses testing their own vulnerability.

Of the total traffic around 94 percent was some form of attack in the form of scans, server hijack attempts and DDoS malware seeding. Writing on the Incapsula blog co-founder Marc Gaffan says, "The highjack attempts were the most immediately troubling, comprising about 20 percent of the total. Scans and DDoS malware seeding made up the remaining 70 percent or so. To answer the question of how dangerous the vulnerability is, my experience leads me to believe that this may well be the calm before the storm. This appears as if a lot of criminals are setting the stage for future attacks".

These figures are based on Incapsula's sample of 100,000 websites. If its hourly figure for attacks is extrapolated over the entire web that’s potentially 1.3 billion attacks carried out over the first weekend of the vulnerability.

Gaffan warns, "The sheer volume of attacks and the types of planning Incapsula is seeing -- scans, backdoor insertions, and DDoS groundwork -- on such a large scale means that companies need to work now to fix their vulnerabilities". He goes on to say that the real fallout may still be to come from the numbers of machines that have already been compromised.

The bottom line is that businesses need to stay alert, patch systems and not assume that the danger has passed. You can read more and download the latest threat landscape report on Incapsula's website.

Image Credit: Jirsak/Shutterstock