By Ian Barker Posted on 10/3/2014
It's now just over a week since news of the Shellshock bug broke and analysts are still trying to work out just how much of an impact it could have.
Security specialist Incapsula has been tracking the vulnerability to get an idea of its magnitude, looking at the number of sites attacked and the damage caused.
The company says it has so far stopped 310,928 exploit attempts, an average of over 1,800 per hour. A spike in attacks over 27/28 September it says was partly down to attackers moving quickly and partly to businesses testing their own vulnerability.
Of the total traffic around 94 percent was some form of attack in the form of scans, server hijack attempts and DDoS malware seeding. Writing on the Incapsula blog co-founder Marc Gaffan says, "The highjack attempts were the most immediately troubling, comprising about 20 percent of the total. Scans and DDoS malware seeding made up the remaining 70 percent or so. To answer the question of how dangerous the vulnerability is, my experience leads me to believe that this may well be the calm before the storm. This appears as if a lot of criminals are setting the stage for future attacks".
betanews/ article/ http://betanews.com/2014/10/03/shellshock-we-aint-seen-nothing-yet/
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.