
5 Security Threats More Dreadful Than Shellshock or Heartbleed Viruses

Author: Brook Perry
Posted: Oct 22, 2014

Who doesn’t know about Heartbleed and Shellshock, the two most heinous security threats reported in the recent past? Heartbleed was an attack on the OpenSSL cryptography library. It affected websites around the world. It was a highly dangerous threat because the vulnerability is difficult to expose and patch. According to an AVG report, even now there are around 12,000 sites 800,000 in the world that are still open to attack.

Shellshock is the more recent of the two, and it came to notice as a deadly security threat. It uses a vulnerability in the UNIX Bash shell. Bash is basically a part of the Linux operating system (OS), and Shellshock worried IT security experts because it can also compromise devices other than computers, which are not regularly patched.

Security experts consider Heartbleed and Shellshock to be just the start, as they believe similar threats are very likely to crop up. They are therefore analyzing the possible vulnerabilities that could be open to attack.

In line with this thought, listed below are five security threats that are considered to be more dreadful than Shellshock or Heartbleed.

1. In-Transit Encryption

The main concern with this attack vector is its ability to take advantage of extremely popular online services like Google Drive and Dropbox. These services are frequently used for business purposes. According to Istvan Lam, the CEO and Founder of Tresorit, "Data in-transit is not encrypted and also not protected before it reaches the cloud, leaving it extremely vulnerable to attacks." This statement underlines the fact that if the service provider itself is ever compromised, then the data stored within that cloud service can get compromised too. The only security move that can help enterprises for the time being is to create more stringent policies for using these cloud services.

2. Android attacks

One of the major probable attacks in the enterprise space pertains to the Android operating system (OS). It is used by millions and millions of smartphone and tablet users. Many Android gadgets are even used within corporate environments, which makes the Android OS more attractive to hackers who are interested in stealing the data of large corporations.

Benjamin Caudill, a Principal Consultant at Rhino Security Labs, states, "Due to the high segmentation of the Android market, over 95% of all mobile malware is on Android." This further emphasizes the fact that while smartphone attacks don't appear to be any different from attacks on PCs, a smartphone is indeed more vulnerable to them. This is because an infected mobile device can be activated remotely, and thus the location of the device and the conversations carried out through it can be tracked.

3. Open source application server

An open source application server is another ripe area for exploitation. According to Bryan Alexander, a senior security consultant for Coalfire Labs, these open source app servers, which are mainly used for enterprise tools like SugarCRM, can very easily be mismanaged and are thus highly vulnerable to attacks. He conducted research using a penetration testing toolkit. According to the research findings, 60% of the testing scenarios that involved an application server hinted towards a vulnerability.

If security threats to servers are to be controlled, those who operate these servers must conduct code reviews to find potential security flaws.

4. Point-of-sale (POS) systems

Another deadly attack that security experts are imagining pertains to the POS systems used in retail operations. We are aware of the individual attacks on the POS systems of companies like Target and TJ Maxx in the US. But the latest concern, as pointed out by Eric Cowperthwaite, a vice president for strategy at Core Security, is that attacks on POS systems are likely to become more widespread.

This is because executing these attacks is very easy. A single vulnerability in a vendor's POS system code is enough to design and execute a massive hack that can penetrate multiple retail operations all at once. Cowperthwaite highlighted that it has become a trend in recent years for six or seven major retailers to be compromised. Yet the POS hole is not getting plugged, which clearly hints towards more widespread attacks to come.

5. Mobile device ransoms

There is one unusual security threat. It’s unusual because it is not related to open source cryptography or cloud encryption. According to Troy Hunt, a security expert for the tech training portal Pluralsight, this new problem is a concern for large companies, and it is more serious and impactful than Heartbleed or Shellshock. The threat can be understood as a situation in which hackers steal a client device like an iPhone or an Android tablet and then hold the device to ransom for a large sum.

The aforementioned threats are the possible vulnerabilities that security experts are predicting. We can only hope that fixes for these threats become available as soon as possible.

About the Author: Hi! I am Brook M. Perry, a prolific blog writer and keen author of articles related to computer security and solutions for issues related to computers and mobile devices. Being associated with the reputed best PC tuneup service provider Qresolve, I have resolved thousands of tech issues for our customers worldwide. My areas of interest are PC security, endpoint security systems, router support, etc.

About the Author

Brooke M. Perry is an ardent technician associated with Qresolve computer security, with wide experience of fixing issues with PCs, laptops, tablets and smartphones.
