I guess we, like many others within the industry, have become desensitized to the “FUD” and have just gotten used to powering through these “all hands on deck, hair on fire” exercises - because that's just the way it is.
With the release of the Shellshock (CVE-2014-6271) vulnerability last week, the entire IT industry is rushing to assess risk, come up with novel mitigations in lieu of patches, and address vulnerabilities before their enterprise is affected. Weekends. Sleep. Who needs 'em? It’s a patch party (or, bash?) and a race to the finish.
One of the more interesting ways organizations are creating some extra breathing room with the “bashbug” is by augmenting intelligence support to their network operations teams. For the past week, we have seen several organizations and researchers come together, leveraging “Shellshock” Threat Intelligence within the ThreatConnect Common Community. By collaborating around community-based indicators and Snort signatures (thanks to our friends at SourceFire/Cisco), security teams are managing knowledge and context of Shellshock activity. They are also quickly mitigating risks posed by “script kiddiez”, criminal elements or APT groups, all of whom are undoubtedly scanning huge swaths of the internet looking for hosts vulnerable to Shellshock and attempting to tickle shells out of the enterprise before admin teams can put mitigations in place.
Vulnerabilities like “HeartBleed” and “Shellshock” are notable risks (and according to Grammie have “very scary names”), but they also create quite a bit of extra work for resource-strapped admin and security teams. It’s time organizations got resourceful and converged their network operations and security efforts so they can effectively reduce the window of exposure to these types of threats. Whether it is targeted attacks or remote service exploits doesn’t matter: admin and security staff are better enabled when they can coordinate and respond to common threats, many of which target common industries and organizations. When we share what we are seeing with others, we can effectively mitigate threats in real time, often before they even hit.
Follow the latest updates, signatures, and shares on Shellshock within ThreatConnect with a free account (register here). Grammie will thank you.
Within ThreatConnect you can “follow” the Shellshock CVE-2014-6271 Threat, and every time someone in our Common Community adds an indicator, signature, attribute or comment, you will be automatically alerted to the update. Choose "Follow" and click "Summary" or "Immediate" and you're on your way. Some of our other private communities are also sharing information; register for a free basic organization account or email us at firstname.lastname@example.org to learn more about how to get access to those.