A former colleague of mine who used to work for a certain government agency out of Langley, Virginia (i.e., the CIA) was fond of an Ian Fleming quote from Goldfinger: “Once is happenstance. Twice is coincidence. Three times is enemy action.”
In looking at our regular quarterly threat report for 3Q 2014, “Vulnerabilities Under Attack: Shedding Light on the Growing Attack Surface,” we can see in it an emerging trend that matches this saying. One of the most notable things about the third quarter is that it’s the second consecutive quarter to see a major security crisis result from vulnerabilities in widely deployed open source components.
In the second quarter of 2014 the Heartbleed vulnerability showed us how vulnerable OpenSSL and the products and services that rely on it can be. In the third quarter, we saw a nearly identical rerun of that crisis situation due to the Shellshock vulnerability affecting the bash command shell.
In two consecutive quarters, we saw security professionals and administrators scramble to protect widely vulnerable systems from easily exploitable vulnerabilities that put sites and services at serious risk. Meanwhile, regular people were left wondering how safe they were from this threat.
In many ways, it was a reminder of the bad old days of 2003 at Microsoft with Blaster and Slammer. As in those days, the situation was made worse by a lack of clear, authoritative information; poor deployment and detection tools and options; and the lack of a clear, comprehensive response process from the people in charge of the code.
Our report shows how serious the bash vulnerability was and how it’s part of a re-emerging trend of attackers targeting vulnerabilities. The key difference in this latest trend is that attackers have moved off of Microsoft Windows and are focusing now on open source components as well as devices like Netis routers.
Looking at what our third quarter report has to say about vulnerabilities affecting open source as part of an emerging trend, it’s easy to see the truth of the prediction by Trend Micro’s CTO, Raimund Genes, that in 2015 we will see more attacks against vulnerabilities in open source components. There will be a third instance of this kind of situation in the near future, because we already know what the saying tells us: behind these situations there really is enemy action at work.
Please add your thoughts in the comments below or follow me on Twitter: @ChristopherBudd.