Heartbleed and Shellshock Were the Least of Our Problems
Heartbleed and Shellshock both wreaked havoc as the world watched. They are at the top of most lists of security threats. However, they aren’t the only things that we should be worrying about – and they certainly aren’t the most dangerous threats out there.
Bad Days Ahead
AVG reported recently that of the top 800,000 websites in the world, around 12,000 are sitting open to attacks. They have no protection and have invested in no coverage whatsoever, and attack on these websites means an attack on the users attached to it. After Heartbleed and Shellshock analysts are now trying to figure out if more vulnerabilities can crop up and leave us open to further attacks. At times small windows of opportunity are taken up by hackers who find them which leads to great chaos. Recent analysis have outlined that there are much worse security issues out there that need to be dealt with.
- In-Transit encryption
Think services such as Drop Box or Google Drive. These are often used by businesses to get their workflow figured out and keep their employees on the same page. Data and information that is sent over to these services is encrypted only once it is stored. Which leaves a window open for a potential hack. We need to be more careful with security pertaining to these services since as recent times will tell us the impact of a breach can be truly awful. When the provider of a cloud service is compromised there is little the user can do. That is why service providers themselves need to start getting serious about the manner in which they deal with threats.
- Open Source issues
Before you start thinking about Android and Google hold on just a minute. An Open Source issue refers to application servers of this very nature. Tools for businesses such as SugarCRM are left open for attacks if this area is mismanaged. Bryan Alexander researched this area and found that in 60% of pentests this form of a server had a vulnerability. Where does that leave a business that is running on such a system? In a very bad lurch.
- ICMP Protocol
Heartbleed works by manipulating OpenSSL library vulnerabilities, however, that’s not the most vulnerable protocol that can be hit by a malicious piece of code. The Internet Control Message Protocol or ICMP is heavily used by network devices to communicate error messages. Any flaw within this protocol can help attackers actually make their way into different parts of the company’s IT infrastructure because ICMP is an inside element found within the IP. Every IP module quite literally has it so to speak. Data can be easily taken and sent off somewhere it shouldn’t go if someone is successfully able to crack this one.
There are plenty of vulnerabilities, and the recent attacks that keep happening on both computer and mobile devices is proof that threats are evolving at a great pace than solutions.