ThreatConnect Lights Up Shellshock

You know it’s time to sit down and write a blog when “Grammie” calls to tell you that “someone broke the internet” and she needs you to check if her AOL account got “Shellshocked”.

I guess we, like many others within the industry, have become desensitized to the “FUD” and just get used to powering through during these “all hands on deck, hair on fire” exercises – because that’s just the way it is.

With the release of the Shellshock (CVE-2014-6271) vulnerability last week, the entire IT industry is rushing to assess risk, come up with novel mitigations in lieu of patches, and address vulnerabilities before their enterprise has been affected. Weekends. Sleep. Who needs ’em? It’s a patch party (or, bash?) and a race to the finish.

One of the more interesting ways organizations are creating some extra breathing room with the “bashbug” is by augmenting intelligence support to their network operations teams. For the past week, we have seen several organizations and researchers come together, leveraging “Shellshock” Threat Intelligence within ThreatConnect Common Community. By collaborating around community-based indicators and Snort signatures (thanks to our friends at SourceFire/Cisco), security teams are managing knowledge and context of Shellshock activity. They are also quickly mitigating risks posed by “script kiddiez”, criminal elements or APT groups, all of whom are undoubtedly scanning huge swaths of the internet looking for hosts vulnerable to Shellshock and attempting to tickle shells out of the enterprise before admin teams can put mitigations in place.

Vulnerabilities like “HeartBleed” & “Shellshock” are notable risks (and according to Grammie have “very scary names”), but they also create quite a bit of extra work for resource-strapped admin and security teams. It’s time organizations got resourceful and converged network operations and security efforts so they can effectively reduce the window of exposure to these types of threats. Targeted attacks or remote service exploits, it doesn’t matter: the admin and security staff are better enabled when they can coordinate and respond to common threats – many of which often target common industries and organizations. When we share what we are seeing with others, we can effectively mitigate threats in real time, often before they even hit.

Follow the latest updates, signatures, and shares on Shellshock within ThreatConnect with a free account (register here). Grammie will thank you.

Within ThreatConnect you can “follow” the Shellshock CVE-2014-6271 Threat, and every time someone in our Common Community adds an indicator, signature, attribute or comment, you will be automatically alerted to the updates. Choose “Follow” and click “Summary” or “Immediate” and you’re on your way. Some of our other private communities are also sharing information; register for a free basic organization account or email us to learn more about how to get access to those.

About the Author
ThreatConnect Research Team

The ThreatConnect Research Team is an elite group of globally-acknowledged cybersecurity experts, dedicated to tracking down existing and emerging cyber threats. We scrutinize trends, technology and socio-political motivators to develop comprehensive knowledge of the cyber landscape. Then, we share what we’ve learned so that you can protect your organization, and your team can take precise action against threats.