Our report on the threats seen in 3Q 2014 shows that, once again, software vulnerabilities are the most favored cybercriminal targets. Following the second quarter’s infamous Heartbleed vulnerability came another serious vulnerability in open-source software: Shellshock. That Shellshock went unnoticed for years suggests that there might be more vulnerabilities in Bash or in applications previously thought safe. Below is a timeline of how the Shellshock events unfolded.
Figure 1. A timeline of events that illustrate the Shellshock exploitation that took place last quarter.
Apart from threatening to wreak havoc on over half a billion servers and Linux and UNIX systems worldwide, Shellshock also proves that cybercriminals and attackers still target systems that users tend to overlook. Case in point: the third quarter also exposed several loopholes in point-of-sale (PoS) systems, threats to which appear to be growing, as evidenced by last quarter’s Home Depot data breach.
Vulnerabilities were also seen in Android-based devices, with over 75% of Android users affected by both the FakeID vulnerability and Android browser flaws. Here’s a breakdown of the Android OSes affected by these vulnerabilities, which we’ve also included in our report:
Figure 2. Android Operating Systems Affected by FakeID and Android Browser Vulnerabilities.
Apart from targeting the mobile platform, threat actors also utilized vulnerabilities to launch attacks, which signaled a dire need for network administrators to be able to spot indicators of compromise (IOCs) and implement effective network monitoring.
For more details about these and other security threats in the third quarter, see our security roundup, “Vulnerabilities Under Attack: Shedding Light on the Growing Attack Surface.”