Banks Are Making It Easy For Hackers
Over 60% of online banking has very low levels of cyber protection with over fifty percent being at risk to fraud and theft of money. This is because online banking currently has many critical cyber security vulnerabilities with very low levels of protection.
Much of this data comes from a recent report by Positive Technologies called Vulnerabilities In Online Banking Applications 2019.
Attackers can use a number of vulnerabilities to gain unauthorised access to clients' personal data and, in some cases, sensitive bank information such as account statements and payment orders. Every online bank analysed in 2018 had at least one vulnerability enabling such access. This threat is particularly relevant for applications harboring authentication and authorisation mechanism flaws.
Online banking developers often make errors in implementing single sign-on (SSO) based on the OAuth 2.0 protocol, which can lead to interception of credentials sent via an insecure protocol and session hijacking by an attacker. Consequently, most online banks contain critical vulnerabilities that can cause severe problems if they are used by attackers, the analysis for the report found.
According to the report, over half (54%) of online banks allowed fraudulent transactions and theft of funds, and all had threats of unauthorised access to client and company information such as account statements and payment orders.
A lot of this critical information is sold on the Dark Web for as little as $22. Often the problems arise from banks not using appropriate passwords.
You Might Also Read:
Security Flaw Puts UK Bank Customers At Risk:
Barclays Fights Off Cyber-Attacks Daily:
