A bug in systems running on Mac and Linux computers has put hundreds of millions of users at risk of their information being stolen by cyber thieves, experts have warned.
The bug, dubbed “shellshock”, has been identified as a major risk for businesses and could affect millions of websites.
But firms in the North Sea might be better prepared for the potential attacks because of their attention to risks in the workplace, an expert from KPMG has said.
George Scott, Head of Information Protection and Business Resilience for KPMG in Scotland, said the bug provides a gateway to cyber-criminals, giving them access to run programmes, copy, write and delete files without the victim’s awareness.
The flaw has been discovered in a software component known as Bash, which is a part of many Linux systems as well as Apple’s Mac operating system.
Mr Scott said: “Shellshock represents a significant threat to businesses across Scotland, including North Sea operators, particularly those who operate Unix and Mac OS systems.
“The attack itself exploits a vulnerability in a key component of webservers and it’s likely that millions of web sites on the internet could be affected.
“While there are some clear steps that will quickly and significantly reduce a company’s exposure to hackers, the scale of the task means it could take months or even longer before all vulnerable machines become fully protected.
“Like many forms of cyber-attack, Shellshock can be used to embed software in an organisation which will covertly gather all sorts of data, including contact information and security credentials, over an extended period.
“Once cyber criminals have access, they can run programs, copy, write and delete files without the user knowing it’s happened.”
He said that current anti-virus software would be limited in its ability to detect these threats.
“Prevention, though at times difficult, is better than cure,” he said.
“Sophisticated attacks can take a long time to detect and potentially even longer to eradicate.
“It’s a bit like finding that the family home has had a long-standing woodworm infestation and may need expensive treatment to correct, or in serious cases a complete rebuild may be the only option.”
But he said that North Sea operators could be “one step ahead” of other industries because of their attitude towards health and safety.
“It is commonplace for every part of an oil and gas business to undergo regular safety training and awareness routines so that it is the industry’s number one priority,” said Mr Scott.
“By adopting similar principles and approaches, oil and gas operators in the North Sea could lead the way in terms of cyber security with a lower level of investment required as the culture already exists.”
On Tuesday 30th September KPMG will host a major cyber security seminar in Edinburgh where business can learn more about the issues affecting data privacy and the practical considerations they should be aware of if they want to avoid the consequences of a major breach, such as those arising from attackers exploiting the Shellshock vulnerability.