Banks Are Making It Easy For Hackers

Uploaded on 2019-04-18 in FREE TO VIEW, BUSINESS-Services-Financial

Over 60% of online banking has very low levels of cyber protection with over fifty percent being at risk to fraud and theft of money. This is because online banking currently has many critical cyber security vulnerabilities with very low levels of protection. 

Much of this data comes from a recent report by Positive Technologies called Vulnerabilities In Online Banking Applications 2019.

Attackers can use a number of vulnerabilities to gain unauthorised access to clients' personal data and, in some cases, sensitive bank information such as account statements and payment orders. Every online bank analysed in 2018 had at least one vulnerability enabling such access. This threat is particularly relevant for applications harboring authentication and authorisation mechanism flaws. 

Online banking developers often make errors in implementing single sign-on (SSO) based on the OAuth 2.0 protocol, which can lead to interception of credentials sent via an insecure protocol and session hijacking by an attacker. Consequently, most online banks contain critical vulnerabilities that can cause severe problems if they are used by attackers, the analysis for the report found. 

According to the report, over half (54%) of online banks allowed fraudulent transactions and theft of funds, and all had threats of unauthorised access to client and company information such as account statements and payment orders.

A lot of this critical information is sold on the Dark Web for as little as $22. Often the problems arise from banks not using appropriate passwords.

News By CSI:

You Might Also Read:

Security Flaw Puts UK Bank Customers At Risk:

Barclays Fights Off Cyber-Attacks Daily:

 

« Thales Spends £4.8Bn To Deliver Full - Range Cybersecurity
US Head of Homeland Security’s Departure Raises Questions »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The Josef Group (TJG)

The Josef Group (TJG)

The Josef Group Inc. is a certified woman-owned permanent staffing agency specializing in Information Technology, Engineering, and US Government "cleared" IT candidates.

iStorage

iStorage

iStorage is the leading global provider of PIN Activated, hardware encrypted, portable data storage solutions.

CERT-FR

CERT-FR

CERT-FR is the French national government computer security incident response team.

Cobalt Strike

Cobalt Strike

Cobalt Strike is penetration testing software designed to execute targeted attacks.

TitanHQ

TitanHQ

TitanHQ offers ultimate protection from internet based threats and powerful Web filtering functionalities to SMBs, Service Providers and Education sectors around the World.

Anglo African

Anglo African

Anglo African is an information technology firm providing end-to-end solutions to different industries, from IT Infrastructure to DataCom as well as Cloud & InfoSec services.

Dhound

Dhound

Dhound is a cybersecurity company providing web application penetration testing.

NightDragon

NightDragon

NightDragon is a venture capital firm investing in innovative growth and late stage companies within the cybersecurity, safety, security, and privacy industry.

Scholarly Networks Security Initiative (SNSI)

Scholarly Networks Security Initiative (SNSI)

SNSI brings together publishers and institutions to solve cyber-challenges threatening the integrity of the scientific record, scholarly systems and the safety of personal data.

Imageware

Imageware

Imageware is a leader in biometric cybersecurity. Protect against costly, damaging ransomware hacks by employing biometric cybersecurity solutions.

Aleo

Aleo

Aleo is building the world's leading developer platform for enabling absolute privacy on blockchains.

Obrela Security Industries

Obrela Security Industries

Obrela provides security analytics and risk management services to identify, analyze, predict and prevent highly sophisticated security threats in real time.

Serbus

Serbus

Serbus Secure is a fully managed suite of secure communication, enterprise mobility and mobile device security tools.

Aspire Technology Solutions

Aspire Technology Solutions

Aspire is an award-winning IT Managed Service and Cyber Security Provider. We specialise in cyber security, cloud, connectivity, managed services, unified communications and IT support.

NeuroID

NeuroID

NeuroID combines the power of industry-leading behavioral analytics with advanced device and network intelligence to create your first line of defense against malicious bots, bad actors, and fraud.

ACDS (Advanced Cyber Defence Systems)

ACDS (Advanced Cyber Defence Systems)

ACDS was founded in the belief that cyber security can be done better. We’re combining emerging technologies and proven methods to bring a new approach to tackling the growing threat landscape.