Online Bank Accounts Among Hackers’ Favorite Targets

Online bank accounts are among the most favorite of targets for all hackers, as per a recent survey report.

A report published by Positive Technologies (a global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection) points out that of all the websites, banking and finance websites have the greatest risk of getting hacked.

A Positive Technologies press release on the report, which is based on a study of web application vulnerabilities, says- “As expected by Positive Technologies experts, finance web applications (46% of all tested web applications) were at the greatest risk, with high-severity vulnerabilities found in 100% of tested banking and finance web applications…In fact, web applications at banks and other financial institutions, as well as governments, draw the most attention from hackers, as confirmed in a series of Positive Technologies reports.”

Positive Technologies has collated the study results through its automated source code analysis, through the PT Application Inspector; the study, conducted in 2017, has found vulnerabilities in every single web application that has been tested. 94 percent of applications tested for the study had at least one high-severity vulnerability, which shows that websites are always a critical weakness for organizations. The report also breaks down vulnerabilities according to severity level; most of the vulnerabilities detected (65 percent) were of medium severity while 27 percent were recorded as high-severity vulnerabilities.

The primary target for hackers, as per the report, is always the average user. Government app users, on account of not being security savvy, are also targeted a lot. These inferences have been made after assessing the potential impact of the detected web application vulnerabilities, based on which the researchers have also compiled a list of the most common security threats. The Positive Technologies press release says- ” The number-one threat is attacks that target web application users. Alarmingly, 87 percent of banking web applications and all government web applications tested by Positive Technologies were susceptible to attacks against users. Users of government web applications in particular tend to not be security-savvy, which makes them easy victims for attackers.”

Coming to the vulnerabilities detected, the most common one was Cross-Site Scripting, which affected 82 percent of tested web applications. Using Cross-Site scripting, hackers carry out phishing attacks against web application users or infect their computers with malware. The study found that other critical vulnerabilities, like for example SQL Injection, also found their way into government web applications.

DOS (Denial of Service) attacks too were common, especially targeting e-commerce web applications.

The Positive Technologies press release quotes the company’s Cyber Security Resilience Lead Leigh-Anne Galloway as saying- “Web applications practically have a target painted on their back. A large number of unfixed, exploitable vulnerabilities is a windfall for hackers, who can use these flaws to steal sensitive information or access an internal network. Fortunately, most vulnerabilities can be discovered long before an attack ever happens. The key is to analyze application source code.”