Banks Are Making It Easy For Hackers

Over 60% of online banking has very low levels of cyber protection, with over fifty percent at risk of fraud and theft of money. This is because online banking currently has many critical cyber security vulnerabilities and very low levels of protection.

Much of this data comes from a recent report by Positive Technologies called Vulnerabilities In Online Banking Applications 2019.

Attackers can use a number of vulnerabilities to gain unauthorised access to clients' personal data and, in some cases, sensitive bank information such as account statements and payment orders. Every online bank analysed in 2018 had at least one vulnerability enabling such access. This threat is particularly relevant for applications harboring authentication and authorisation mechanism flaws. 

Online banking developers often make errors in implementing single sign-on (SSO) based on the OAuth 2.0 protocol, which can lead to interception of credentials sent via an insecure protocol and session hijacking by an attacker. Consequently, most online banks contain critical vulnerabilities that can cause severe problems if they are used by attackers, the analysis for the report found. 

According to the report, over half (54%) of online banks allowed fraudulent transactions and theft of funds, and all had threats of unauthorised access to client and company information such as account statements and payment orders.

A lot of this critical information is sold on the Dark Web for as little as $22. Often the problems arise from banks not using appropriate passwords.

News By CSI:
