Bash Attack on NAS Systems

Tuesday, October 7, 2014 @ 09:10 PM gHale


Bad guys are making a move to leverage the Bash remote code injection vulnerability against Network Attached Storage (NAS) systems.

Attackers are exploiting the time-to-patch window in targeting embedded devices, said researchers at security firm FireEye.

RELATED STORIES
Shellshock Attacks Raging
Honeypot Finds Shellshock Attacks
Shellshock: Cisco Lists 31 Vulnerable Products
After Fix, New Bash Flaws Found

Attackers are going after the time-to-patch window and targeting embedded devices, specifically those made by QNAP, in order to append their SSH key to the authorized_keys file and install an ELF backdoor, researchers said in a blog post.

The sheer number of devices which run an embedded Linux OS mean the potential for wide scale compromise of network-connected personal and business data storage systems is very high. Smart or connected devices utilize similar set-ups as NAS boxes and may be just as vulnerable.

FireEye said the ongoing attack represents one of the first in the Shellshock attack against Internet of Things devices.

Target of the NAS box Shellshock attack are primarily in Japan and Korea with one additional target observed in the U.S. Two of their malware host servers are in Korea and the U.S., but there’s few other clues about the identity of the attackers, whose motives also remain unclear.



Leave a Reply

You must be logged in to post a comment.