Threat Profiling Essay Example

Profiling a Security Vulnerability Threat

Executive summary

The following paper presents a detailed, profiled analysis of a recently identified security vulnerability that threatens both big corporations and small businesses. In particular, it focuses on the Shellshock security vulnerability, which was first identified in 2014. It is commonly found in computers running UNIX- and Linux-based systems, and has thus caused widespread havoc for open-source software. Additionally, this analysis has identified that the vulnerability has resulted in millions of attacks on unpatched systems since it was first disclosed publicly. Lastly, the paper recommends a wide array of defence strategies that businesses can deploy to avoid or mitigate such attacks.

Table of Contents

1.0 Introduction

2.0 Threat Profile

2.1 Description

2.2 Vulnerabilities

2.3 Risk Assessment

2.3.1 Likelihood Estimation

2.3.2 Severity Estimation

2.3.3 Impact

2.4 Mitigation Strategies

2.6 International Scope

3.0 Conclusion

1.0 Introduction

In the recent past, there has been an exponential rise in the number of cyber-attacks aimed at all internet users, from large multinational companies to home users (Stay Smart Online, 2015). Owing to their complexity, frequency and high level of sophistication, these attacks have disrupted the operations and growth of major businesses. Consequently, it has become vital, particularly for security professionals working in corporations, to keep abreast of the latest developments in security-related threats and attacks. One of the major benefits of such awareness is the ability to update their risk profiling, which is the quantitative analysis of the threats that their organizations could experience. Secondly, they are able to comprehensively contextualize and deal with both existing and emerging vulnerabilities, which acts as a powerful weapon against malicious hacker attacks that could compromise their systems (Gelbstein & Kamal, 2012). The following paper will thus identify a recently discovered security flaw, how it attacks systems, and the mitigation strategies that can be applied to counter it. In addition, the risks that the vulnerability poses to organizations will also be listed.

2.0 Threat Profile

A threat profile is a very important concept that aims to identify the complete set of threats that given systems and applications might encounter (McAfee, 2015). For a threat profile to be conclusive, it is integral to critically analyse the various axioms that constitute a threat. The following section will thus provide a detailed analysis of the Shellshock security bug: its description, the vulnerabilities associated with it, risk assessment modules, and the mitigation strategies that businesses can deploy to minimize the risk of attack. Additionally, tables and statistics will be provided to give a graphical representation of the threat's impact and severity estimation.

2.1 Description

McAfee (2015) defines Shellshock as a security vulnerability that allows attackers to process and execute a large number of commands and requests on the Bash system program, which is the default command-line interface of most Linux-based systems. The original bug was first identified on 12th September 2014 and announced to the public two weeks later, after updates had already been developed to fix the systems. After the initial release, a variety of interrelated bugs were also identified, which were the result of design flaws. To date, there have been millions of reported Shellshock attacks (Cloud Flare, 2014).

2.2 Vulnerabilities

The Shellshock vulnerability thus creates a wide range of weaknesses that attackers can exploit. Due to the vital role that the Bash shell plays in a system, it becomes easier for hackers to control the whole system by running and executing remote commands and code on any affected system or server. Additionally, other common programs such as SSH, CGI scripts and telnet, which rely on the Bash shell for execution, are also affected, making exploitation of the vulnerability easier and rampant (McAfee, 2015). A wide range of vulnerabilities and potential areas of exploit therefore exist.

One of the most common exposures is in servers such as Apache that rely heavily on CGI scripts for their operation, as most CGI scripts are written in Bash. For corporations using Linux web servers, hackers can thus modify information contained in a website, change the website's code, steal user information from databases or even change authentication permissions (Trend Micro, 2014).

Secondly, Shellshock also results in denial-of-service attacks on web servers. As this type of vulnerability allows communication with the servers, attackers can command such servers to sleep or stay idle. Numerous such commands result in non-functioning servers that are unable to serve legitimate user requests (McAfee, 2015). Users running Apache on Cygwin Windows systems were also identified as being at risk of such attacks, where hackers could gain elevated access to administration privileges.

Given the high number of systems that run on Linux, it is therefore a very crucial vulnerability that security professionals should be well equipped to handle.

2.3 Risk Assessment

Risk assessments are integral processes that allow professionals to identify certain hazards and evaluate any potential risk associated with them. In the context of risk-assessing Shellshock vulnerabilities, this would allow security experts to create awareness of the hazards and of the control measures to apply in combating them.

2.3.1 Likelihood Estimation

Because Shellshock vulnerabilities can be exploited remotely, millions of users are at a very high risk of attack. A report by Security Week (2014) identified that four days after the vulnerability had been made public, over 217,000 exploit attempts were detected. McAfee Labs, however, noted that owing to the high level of response from security experts, the likelihood of similar attacks has been drastically reduced, with a minimal number of successful attacks happening in 2015.

[Figure: Graph showing the rise and decline of Shellshock attacks after the official release.]

2.3.2 Severity Estimation

While Shellshock vulnerabilities have decreased in number over the past few months, the initial severity estimation was nevertheless high. The Independent (2014) noted that the severity of the attack posed risks to millions of systems, leading agencies like the US Department of Homeland Security to issue warning reports. Over half a billion servers thus required an immediate upgrade of their systems (Trend Micro, 2014). It has also been reported that over 1 billion Shellshock attacks have occurred (Security Week, 2014).

2.3.3 Impact

The impact of the vulnerability and associated attacks was identified as being very high, essentially 10/10 on the scale (McAfee, 2014). Additionally, McAfee categorizes its impact and severity as follows.

Category                   Shellshock
Base Score
Impact sub-score
Exploitability sub-score
Access Complexity
Access Vector              Exploitable over a network

2.4 Mitigation Strategies

In order to reduce the risks of such a dreadful attack, it is paramount to enact varied mitigation plans geared at minimizing the risk of an attack. One of the best mitigation strategies is to ensure that systems are patched frequently with the latest patches (Trend Micro, 2014). In the process, security professionals can identify their most vulnerable systems, which are among the most critical to an organization. Access to these vulnerable systems should also be greatly limited to avoid putting them at higher levels of risk (Security Week, 2014).

Another important mitigation strategy is to segment and isolate networks in a system. McAfee advises that one of the best ways to do this is to completely separate externally connected machines and software from internal operating systems. This form of network zoning is crucial because it keeps the spread of a virus or an attack limited and isolated, which makes it easier to minimize the effects of such attacks and to counter them.

Lastly, large security corporations like FireEye and F5 have developed over-the-web firewalls that provide an additional layer of security. Professionals are thus able to identify threats and measure their impact before they materialize. These advanced firewalls also allow the creation of environment-relevant signatures that prevent injections that would result in loss of data (Trend Micro, 2014).
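The signature-based filtering described above can be illustrated with a check over web server logs. This is an added example, not part of the original essay and not any vendor's product: it relies on the fact that Shellshock probes place a Bash function definition, `() {`, at the start of a request header value. It assumes Apache combined-format access logs; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# A Bash function definition prefix: "()" then "{", with optional whitespace.
# It rarely appears in legitimate request lines or header values.
SIGNATURE = re.compile(r"\(\s*\)\s*\{")

# Apache combined log format; quoted fields may hold backslash-escaped quotes.
FIELD = r'"((?:[^"\\]|\\.)*)"'
LOG_LINE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + FIELD + r' (\d{3}) \S+ ' + FIELD + ' ' + FIELD
)

# Constructed sample lines (documentation address ranges, payloads removed).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { :; }; [command removed]"',
    '198.51.100.7 - - [25/Sep/2014:10:01:11 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 0 "(){ :;}; [command removed]" "curl/7.30"',
    '192.0.2.44 - - [25/Sep/2014:10:02:00 +0000] "GET /docs/func() HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
]

def scan(lines):
    """Return one finding per client-controlled field carrying the signature."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = LOG_LINE.match(line)
        if match:
            ip, _when, request, status, referer, agent = match.groups()
            fields = (("request", request), ("referer", referer), ("user-agent", agent))
        else:
            # Unparseable lines are checked whole so a malformed entry cannot hide a probe.
            ip, request, status = line.split(" ", 1)[0], "", "0"
            fields = (("raw", line),)
        for name, value in fields:
            if SIGNATURE.search(value):
                findings.append({"line": number, "ip": ip, "field": name,
                                 "status": int(status), "cgi": "/cgi-bin/" in request})
    return findings

def attempts_by_source(findings):
    """Count flagged fields per client address, for blocking or triage."""
    return Counter(f["ip"] for f in findings)

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
    print(attempts_by_source(scan(SAMPLE_LOG)))
```

A flagged request that targeted a CGI path and returned status 200 deserves priority, since it reached a script on a host that may still need patching.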

2.5 Law

The proliferation of these cyber-related attacks has brought about a great deal of change, not only in the computer security realm but also in the legal field. In Australia, for example, the Coalition has been pushing for the introduction of new laws that require all companies to report hacking incidents (The Australian, 2015). Changes to the Privacy Act are intended to minimize the number of victims of cyber-attacks, as most businesses did not meet rapid response standards.

2.6 International Scope

Given the high degree of threat that the Shellshock vulnerability posed, security researchers around the world collaborated to zero in on and find solutions to such a prevalent vulnerability (Gelbstein & Kamal, 2012). Additionally, the vulnerability made international headlines, as it threatened the destruction of the internet's backbone. This led large security departments like the US Department of Homeland Security to issue alerts to sensitive people on the best risk management practices (BBC, 2014).

3.0 Conclusion

It is evident that cyber-attacks have been on the rise, in both frequency and complexity. It is therefore vital for security professionals to keep abreast of new developments in security threats and attacks. This is due to the emergence of new and highly complex vulnerabilities such as Shellshock, which are prevalent in addition to being newer forms of cyber-attack (Security Week, 2014). Nevertheless, businesses should ensure that they effectively mitigate the risks that may arise from such vulnerabilities, which includes the continuous patching of systems that are at higher risk of infection.

References

BBC. (2014). Shellshock: ‘Deadly serious’ new vulnerability found. BBC Technology.

Cloud Flare. (2014). Inside Shellshock: How hackers are using it to exploit systems. CloudFlare.

Gelbstein, E. & Kamal, A. (2013). Information Insecurity: A Survival Guide to the Uncharted Territories of Cyber-threats and Cyber-security. United Nations Publications.

McAfee. (2015). McAfee Labs Threats Report. Intel Security.

Stay Smart Online. (2014). Severe Bash vulnerability affects Unix-based systems including Linux and Mac OSX. Australian Government.

The Australian. (2015). Coalition moves to tighten privacy laws. National Affairs. Accessed from http://www.theaustralian.com.au/national-affairs/coalition-moves-to-tighten-privacy-laws/story-fn59niix-1227292339848

Trend Micro. (2015). Vulnerabilities under attack: Shedding light on the growing attack surface. TrendLabs.