The Bash bug, first exposed in September 2014, could be devastating for retailers and manufacturers this holiday season thanks to its wide distribution across Unix-based systems such as Linux and Mac. The Bash bug opened doors for hackers to access confidential information and take over systems with remotely-executed code, tacking on their malicious code to the environment variable in Bash, a command line shell in these systems.
The good news is that software companies started developing and distributing patches fairly quickly. There is bad news, however: some companies didn’t roll out all patches in a timely or comprehensive fashion. Oracle warned its users that more than 30 products were affected, but patches for only two products, Linux and Solaris, were immediately available. And many that did install patches may still be at risk because they failed to install subsequent patches that are required to fully close the vulnerability.
The fact that Unix-based systems are so intrinsic makes the problem particularly acute – delays in patching mean that many systems may have been vulnerable for a period of time long enough for hackers to install an intrusive bit of code. That code could still be sitting there, undetected, while hackers just wait for the right opportunity to pounce.
For hackers that want to maximize their holiday haul of personal information, including credit card numbers, what better time to pounce than the holiday season. On Black Friday and Cyber Monday, shoppers entered credit card information at unprecedented levels to score deals – and, unbeknownst to retailers, that command line interface vulnerability mentioned above may be exposing their customers’ data to hackers. Meanwhile, the retailer’s data security team is already fighting a fire somewhere else – Bash bug for some IT teams was relegated to lower priority.
It’s not certain that Bash bug-related hacks will bite retailers this holiday season, but the possibility is quite real and present. As we’ve seen in the past, large companies are by no means immune to hacking simply because they spend more liberally. Hackers are patient guests, and waiting is actually a good thing for them. And there’s no better time to exploit a weakness than the holiday shopping season. The question is, which retailers will top the hackers’ holiday list this year?
It’s not too late for retailers to act. Certainly, executive teams and boards of directors would support decisive action that avoids front-page scrutiny and potential embarrassment. While it’s always better to have a long term strategy for cybersecurity, sometimes it’s important to fight the fire in front of you – even if it’s only smoldering. Bash bug may be smoldering right now for some and every line of code should be examined.
This article has been extracted from http://www.infosecurity-magazine.com, please click on this link to read the article in full http://www.infosecurity-magazine.com/opinions/bash-bug-grinch-christmas/
Montash is a multi-award winning global technology recruitment business. Specialising in permanent and contract positions across mid-senior appointments across a wide range of industry sectors and IT functions, including:
ERP, BI & Data, Information Security, IT Architecture & Strategy, Energy Technology, Demand IT and Business Engagement, Digital and E-commerce, Leadership Talent, Infrastructure and Service Delivery, Project and Programme Delivery.
Montash is headquartered in Old Street, London, in the heart of the technology hub. Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid management in permanent and contract roles.