Banks Are Making It Easy For Hackers

Uploaded on 2019-04-18 in FREE TO VIEW, BUSINESS-Services-Financial

Over 60% of online banking has very low levels of cyber protection with over fifty percent being at risk to fraud and theft of money. This is because online banking currently has many critical cyber security vulnerabilities with very low levels of protection. 

Much of this data comes from a recent report by Positive Technologies called Vulnerabilities In Online Banking Applications 2019.

Attackers can use a number of vulnerabilities to gain unauthorised access to clients' personal data and, in some cases, sensitive bank information such as account statements and payment orders. Every online bank analysed in 2018 had at least one vulnerability enabling such access. This threat is particularly relevant for applications harboring authentication and authorisation mechanism flaws. 

Online banking developers often make errors in implementing single sign-on (SSO) based on the OAuth 2.0 protocol, which can lead to interception of credentials sent via an insecure protocol and session hijacking by an attacker. Consequently, most online banks contain critical vulnerabilities that can cause severe problems if they are used by attackers, the analysis for the report found. 

According to the report, over half (54%) of online banks allowed fraudulent transactions and theft of funds, and all had threats of unauthorised access to client and company information such as account statements and payment orders.

A lot of this critical information is sold on the Dark Web for as little as $22. Often the problems arise from banks not using appropriate passwords.

News By CSI:

You Might Also Read:

Security Flaw Puts UK Bank Customers At Risk:

Barclays Fights Off Cyber-Attacks Daily:

 

« Thales Spends £4.8Bn To Deliver Full - Range Cybersecurity
US Head of Homeland Security’s Departure Raises Questions »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Advenica

Advenica

Advenica develops, manufactures and sells innovative cybersecurity solutions for encryption and secure information exchange.

Guidewire

Guidewire

Guidewire Cyence™ Risk Analytics is a cloud-native economic cyber risk modeling solution built to help the insurance industry quantify cyber risk exposures.

Department of Energy - Cybersecurity, Energy Security, and Emergency Response (CESER)

Department of Energy - Cybersecurity, Energy Security, and Emergency Response (CESER)

The Office of Cybersecurity, Energy Security, and Emergency Response (CESER) addresses the emerging threats of tomorrow while protecting the reliable flow of energy to Americans today.

CSIRT GOV - Poland

CSIRT GOV - Poland

Computer Security Incident Response Team CSIRT GOV, run by the Head of the Internal Security Agency, acts as the national CSIRT responsible for coordinating the response to computer incidents.

OneTrust

OneTrust

OneTrust is the largest and most widely used technology platform to operationalize privacy, security and third-party risk management.

GuardSI

GuardSI

GuardSI was created to protect companies from growing threats to security such as fraud, hacking, internal theft, accidents and human mistakes that can directly affect the business.

BTblock

BTblock

Blockchain and cybersecurity is a vital combination for Enterprise success. BTblock is a Force Multiplier for its clients.

Axxum Technologies

Axxum Technologies

Axxum Technologies is a premier provider of Network Communications and Information Technology Security Solutions.

TAG Cyber

TAG Cyber

TAG Cyber's mission is to provide world-class cyber security research, advisory, and consulting services to enterprise security teams around the world.

Blok Cyber Security

Blok Cyber Security

Blok provide small businesses and sole traders, with affordable, managed Cyber Security Packages that offer immediate protection and peace of mind.

DEFENTEK - National Security Informatics

DEFENTEK - National Security Informatics

Defentek (aka National Security Informatics) is a technology consortium covering a broad spectrum of intelligence computing solutions and interception technologies.

Acumera

Acumera

Acumera is a leader in managed network security, visibility and automation services.

NetGain Technologies

NetGain Technologies

NetGain Technologies helps small to medium-sized businesses gain access to expert IT talent. We provide strategies that use technology as a driving force behind business growth.

VMware

VMware

VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control.

RiverSafe

RiverSafe

RiverSafe is a professional services provider specialising in Cyber Security, Data Operations and DevOps, putting security at the heart of everything we do.

SecureDNE

SecureDNE

SecureDNE are a leading provider of cutting-edge Fractional CISO, Managed Cybersecurity Services, and Cybersecurity Engineering Solutions.