In late September, cybersecurity experts discovered the latest in a long string of software bugs that threatened millions of operating systems, including Mac computers and Android smartphones. The bug, dubbed Shellshock by researchers from Kaspersky Labs and other firms, was initially compared to the Heartbleed vulnerability, only far worse — while Heartbleed stole passwords, Shellshock was able to take over entire machines via remote code execution.
So what is Shellshock? Basically it’s nothing more than a line of compromised code in the Bash Unix shell, a free piece of software that is written into over 70% of devices that connect to the Internet: servers, routers, computers, mobile phones, even cameras and refrigerators.
The ubiquity of Bash caused several outlets to predict that Shellshock would lead to “an Internet meltdown,” as The Verge put it in a classic case of clickbait tactics. The National Institute of Standards and Technology rated the vulnerability a 10 out of 10. And other rallying cries of alarm noted that Heartbleed went undetected for two years, while Shellshock wasn’t discovered for 22 years.
But the uproar died down rather quickly. Open-source programmers responsible for Bash wrote a patch within hours of discovering Shellshock; Apple released an OS update within three days; Google said its Android devices actually used a Bash alternative; and, as of this writing, the millions of network attacks expected hadn’t panned out.
FireEye did identify significant attacks against Network Attached Storage (NAS) systems, large networked hard drives that many businesses use to store data. But cybersecurity experts noted that, even before Shellshock hit the scene, most protected networks possessed adequate enough safety measures to avoid such an exploit.
With the panic behind us, what’s the number-one takeaway from the Shellshock uproar? NETWORK SECURITY IS A MUST! This goes beyond strong passwords and diligently avoiding scams, though. And it requires the help of an IT partner you can trust to keep your critical business systems and data safe. Here are a few vital elements to any network security solution:
- Continuously updated anti-virus, anti-spyware, anti-malware, and anti-spam programs
- A sturdy firewall to prevent unauthorized access to your network
- Virtual private networks (VPNs) to provide you and your employees with secure remote access
- Intrusion prevention systems to identify rapidly growing threats like Heartbleed or Shellshock
- And, most importantly, proactive monitoring and management solutions that solve problems before they occur
Without these basic components of a sound network security policy, your employees, your data, your equipment, and your business are subject to cyberattacks, email hacks, password scams, malware infections, and other exploits. These can damage your reputation, bring productivity to a screeching halt, and end up costing thousands of dollars that could have been more wisely spent on IT security in the first place.
If you’re shaken up by the Shellshock bug or concerned about whether you’ve been affected, contact CMIT Solutions today. We understand the critical nature of network, data, and online security, and we work tirelessly to transform the solutions that keep you safe into critical competitive advantages.