Security breaches, mass DDoS attacks, ransomware mutations. No question about it – the challenges to information security are constant and ever-changing. Over the past twelve months, InfoSec has had to deal with threats of greater magnitude not only in complexity but also in sheer volume. So in our concerted, and at times hasty, efforts to keep up with all that’s out there, are we leaving ourselves exposed? Do we need to double back and cover our tracks?
Fact is, there is a lot to keep up with, even for security super-heroes. Given the nature of the beast, we’re always looking forward, trying to keep up or gain a little ground to ready ourselves for the next challenge. But what about those “backdoors” we just closed?
Cleaning up after mass events like Shellshock (the Bash bug) and Heartbleed isn’t straightforward. Sadly, one patch does not fit all when there are multiple iterations of operating systems and devices. And the truth is – there just aren’t enough good people or hours in a day to comb through all the stuff out there to find and fix what’s at risk, much as we want to. Much as we need to. What happens next is inevitable. The adversary takes advantage, finds the hole, and builds exploits that we then must find and shut down in a series of blocks and tackles.
Here’s a recent case in point: Shellshock and QNAP. Shellshock doesn’t just impact servers. It impacts devices connecting to these servers through the internet: wireless access points, routers, smart fridges, video cams, webcams, even light bulbs. You can patch a server. It’s not so easy to patch a fridge. The real challenge has been to identify and patch all those different exposed devices. QNAP makes network attached storage devices that are popular worldwide, and therefore ideal targets for Shellshock exploits.
While QNAP did issue a firmware patch in October, Shellshock worm exploits were detailed later in December. The worm targeted a particular CGI script, /cgi-bin/authLogin.cgi, which could be accessed without authentication. That allowed attackers to launch a shell script that could later download more malware. Essentially, keeping the backdoor open.
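Because the worm reached the device through an unauthenticated CGI script, the request itself is the place to look for it. The following is an added example (not from the original post, Kaspersky, or QNAP) that scans web-server access-log lines for the Bash function-definition prefix every Shellshock probe has to carry in a header, and flags requests aimed at /cgi-bin/authLogin.cgi as critical. The combined log format, the watched-path set, and the sample lines are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass

# Bash function-definition prefix that a Shellshock probe must carry in some
# HTTP header or CGI variable: "() {", with optional spaces.
SHELLSHOCK_SIG = re.compile(r"\(\s*\)\s*\{")

# The CGI script the QNAP worm went after (from the post). Assumption: other
# unauthenticated CGI handlers a device exposes would be added to this set.
WATCHED_CGI = {"/cgi-bin/authLogin.cgi"}

# Apache/nginx "combined" access-log layout (assumed):
#   ip ident user [time] "req" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"$'
)

@dataclass
class Finding:
    ip: str
    path: str
    field: str      # which header carried the "() {" prefix
    severity: str   # "critical" when aimed at a watched CGI, else "high"

def scan_line(line: str):
    """Return a Finding if the request carries a Shellshock prefix, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]   # drop the query string before matching
    for field in ("user_agent", "referer"):
        if SHELLSHOCK_SIG.search(m.group(field)):
            sev = "critical" if path in WATCHED_CGI else "high"
            return Finding(m.group("ip"), path, field, sev)
    return None

def scan_log(text: str):
    """Scan a whole log blob, skipping blank and unparseable lines."""
    return [f for f in (scan_line(l) for l in text.splitlines()) if f is not None]

# Constructed sample lines (not real QNAP logs); IPs are from documentation ranges.
SAMPLE_LOG = (
    '203.0.113.7 - - [10/Dec/2014:03:14:07 +0000] "GET /cgi-bin/authLogin.cgi HTTP/1.1" '
    '200 512 "-" "() { :;}; /bin/true"\n'
    '198.51.100.2 - - [10/Dec/2014:03:15:11 +0000] "GET /cgi-bin/authLogin.cgi HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"\n'
    '198.51.100.9 - - [10/Dec/2014:03:16:40 +0000] "GET /index.html HTTP/1.1" '
    '404 162 "() { :; }; /bin/true" "curl/7.38.0"\n'
)

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.severity.upper():8} {f.ip:15} {f.path} via {f.field}")
```

A benign User-Agent containing parentheses, such as the Mozilla string in the second sample line, does not trip the signature, since the prefix requires "()" immediately followed by "{".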
One of the interesting things noted about this worm, per Kaspersky’s detailed write-up, was that the script it planted then downloaded and installed QNAP’s Shellshock patch. Yes, really. But it was a strictly territorial move, to keep other opportunistic attackers out. Kaspersky advised that
“IT staff responsible for these devices’ security should apply patches themselves, or a worm will do it. At a price.”
I’ve followed up with QNAP, and nothing else has been issued. The onus is on the users to identify and patch their products. Need I say more?
It’s easy to lose track when the tyranny of the urgent sets our agendas for us. And it’s hard to be proactive when you’re busy fighting fires. But the fact is we need to keep watching those backdoors – because they don’t always shut completely.
As featured on DarkMatters by Norse Corp
The featured illustration is an actual screen capture of Shellshock malware by MalwareMustDie.org, a white-hat security research workgroup.