Banks Are Making It Easy For Hackers

Uploaded on 2019-04-18 in FREE TO VIEW, BUSINESS-Services-Financial

Over 60% of online banking has very low levels of cyber protection with over fifty percent being at risk to fraud and theft of money. This is because online banking currently has many critical cyber security vulnerabilities with very low levels of protection. 

Much of this data comes from a recent report by Positive Technologies called Vulnerabilities In Online Banking Applications 2019.

Attackers can use a number of vulnerabilities to gain unauthorised access to clients' personal data and, in some cases, sensitive bank information such as account statements and payment orders. Every online bank analysed in 2018 had at least one vulnerability enabling such access. This threat is particularly relevant for applications harboring authentication and authorisation mechanism flaws. 

Online banking developers often make errors in implementing single sign-on (SSO) based on the OAuth 2.0 protocol, which can lead to interception of credentials sent via an insecure protocol and session hijacking by an attacker. Consequently, most online banks contain critical vulnerabilities that can cause severe problems if they are used by attackers, the analysis for the report found. 

According to the report, over half (54%) of online banks allowed fraudulent transactions and theft of funds, and all had threats of unauthorised access to client and company information such as account statements and payment orders.

A lot of this critical information is sold on the Dark Web for as little as $22. Often the problems arise from banks not using appropriate passwords.

News By CSI:

You Might Also Read:

Security Flaw Puts UK Bank Customers At Risk:

Barclays Fights Off Cyber-Attacks Daily:

 

« Thales Spends £4.8Bn To Deliver Full - Range Cybersecurity
US Head of Homeland Security’s Departure Raises Questions »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Shavlik Protect

Shavlik Protect

Shavlik Protect is an easy-to-use security software solution that discovers missing patches and deploys them to the entire organization.

Cyberwatch

Cyberwatch

Cyberwatch is a Vulnerability Scanner & Fixer software that helps you to detect and fix the vulnerabilities of your Information System.

NetExtend

NetExtend

NetExtend services include backup and recovery, endpoint protection, network monitoring, cloud portal and billing and payment solutions.

Snyk

Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world.

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC) is one of the most distinguished Cybersecurity, Privacy and Information Security Conference in Thailand and Southeast Asia.

Fortanix

Fortanix

Fortanix Runtime Encryption keeps keys, data, and applications completely protected from external and internal threats.

Vaadata

Vaadata

Vaadata are experts in ethical hacking. We secure your web, mobile and IoT platforms.

NSA Career Development Programs

NSA Career Development Programs

NSA offers entry-level programs to help employees enhance their skills, improve their understanding of a specific discipline and even cross-train into a new career field.

Isovalent

Isovalent

Isovalent deliver the most advanced Kubernetes networking & security capabilities to the most demanding of enterprise users.

Ultra Electronics

Ultra Electronics

Ultra specialises in providing application-engineered bespoke solutions. We focus on mission critical and intelligent systems in the defence, security, critical detection & control markets.

Cognyte

Cognyte

Cognyte are a market leader in security analytics software that empowers governments and enterprises with Actionable Intelligence for a safer world.

Winmill Software

Winmill Software

Winmill is a technology services company that provides expert consulting services in Application Development, Application Security and Cyber Security.

Orpheus Cyber

Orpheus Cyber

Orpheus Cyber provides predictive and actionable intelligence to our clients - enabling them to anticipate, prepare for and respond to the cyber threats they face.

Harbor Networks

Harbor Networks

Harbor Networks is a communications systems integrator and managed services provider. We provide business consultation services for voice and data communication technology.

Aardwolf Security

Aardwolf Security

Aardwolf Security specialise in penetration testing to the highest standards set out by OWASP. We ensure complete client satisfaction and aftercare.

Permiso Security

Permiso Security

Permiso combines industry leading Identity Security Posture Management with Identity Threat Detection and Response, leaving no place to hide for identity threats lurking in your environment.

Socket

Socket

Socket protects software applications and critical services from malware and security threats originating in open source code.