Shellshock is a Linux-targeting vulnerability that was discovered in late 2014 and published as CVE-2014-6271. The most common attack method is to send a command sequence to the web server to be interpreted with the BASH. A Shellshock attack can be carried out for the low price of 4.95 euros, or just a little more than $5, a month. The level of knowledge and effort required is quite low. Fraudsters can launch attacks against hundreds of different IP addresses per minute and wait to hit a vulnerable server by chance.”]
Source: https://securityintelligence.com/cheap-shock-why-shellshock-is-still-a-thing/