Volume of attacks on network devices shows need to replace end-of-life devices quickly
Shellshock’s direct consequences may not have been as catastrophic as other high-profile breaches and cyber attacks, the report authors admit, but it is a persistent problem. For example, in 2019, Talos discovered a global state-sponsored espionage campaign called “Sea Turtle” that manipulated DNS records to gain access to sensitive systems. The adversary relied on several vulnerabilities, including Shellshock, to gain initial access.
“While other confirmed public examples of state-sponsored cyber actors targeting Shellshock are limited, it’s very likely that other advanced actors have attempted to exploit Shellshock,” says the report. Many well-known adversaries like the Russian state-sponsored group APT28 and North Korean state-sponsored Lazarus Group exploit critical vulnerabilities in widely used software, making Shellshock a likely tool in their broader espionage and attack campaigns, say the authors.
Mitigating the threats
In the report, Talos offered its top 10 tips for securing network devices. It recommends: