sb-as logo
Story image

Financial institutions' websites most frequently attacked – report

02 Jul 2019

Positive Technologies today released a new research report, Attacks on Web Applications: 2018 in Review, which lists the main threats to modern web resources.

The analysis, covering over a million attacks, used web attack statistics collected by Positive Technologies Application Firewall.

For this research, experts selected 140,000 attacks which targeted specific sites and created an attack chain.

These chains make it possible to identify the attackers' steps.

The study showed that the three most common attacks are simple and effective: SQL Injection, Path Traversal, and Cross-Site Scripting.

However, the experts noted some peculiarities for specific sectors.

The share of information leakage attacks has also doubled.

This is an attack that is especially prevalent with government websites, making up 67% of attacks.

Malicious actors often use these attacks to analyse systems, determine system version and configuration, and access service information.

Once attackers have that information, they can stage targeted attacks.

The experts also note that government institutions’ websites are still exposed to dangerous attacks aimed at gaining server control and stealing database information.

This means gaining control of the attacked website, having access to the OS and to all files on the server.

Positive Technologies experts assert that all websites, regardless of sector, are attacked daily.

In the case of a targeted attack, it is possible to correlate the different stages and reconstruct the attack chain.

A chain can contain dozens, hundreds, or even thousands of events a day.

The report concludes that the greatest daily number of attack chains per application was found on the sites of financial institutions (151 chains) compared to other industries. 

Having visibility of the whole attack chain enables businesses to have a holistic overview of hacks to localise threats and protect resources more effectively.

Positive Technologies cybersecurity resilience lead Leigh-Anne Galloway says that risk-wise, web applications of financial institutions are different from the rest.

“Even the risks related to sites compromised are high. For instance, if the official bank site is used to distribute malware or stage phishing attacks, customers will be the first to be hit. Attacks on customers top the list of attacks on web applications of financial institutions.

“As regulation has levelled the playing field between fintechs and digital challengers, traditional banks’ market dominance is being threatened. Customers now have more choice on who to bank with and are more brand-agnostic. This means traditional banks risk losing customers if their systems are not robust and secure.”

Transportation companies rank second in the number of attack chains (135 a day), right after financial institutions.

Their web resources support online payments, for instance, for buying tickets.

This attracts hackers interested in users' payment cards.

Next on the list of most attacked web resources were hospitality and entertainment companies with 114 attack chains a day.

Attackers are drawn to the valuable personal and payment data these industries have at their disposal to hack.

Galloway continued; “Increasingly, the attacks target the personal and payment data of customers. Most of 2018’s attacks (42%) were aimed at data theft. We also see attacks aimed at infecting a site with malware, which allows hackers to reach more victims and use vulnerable sites for targeted attacks.”

Story image
Online gaming a 'hotbed' for DDoS attacks — report
The latency and availability issues present in online gaming, in particular, presented an attractive target to attackers, in addition to the enduring popularity of gaming in the era of COVID-19.More
Story image
SASE vs zero trust – or the best of both worlds
Zero trust and SASE work together by converging a least-privilege access strategy with an architecture that simplifies how highly distributed users, BYOD, and cloud resources are secured.More
Story image
CompTIA forms Cybersecurity Advisory Council, led by 16 security execs
The new body will be co-chaired by Tech Data director of security solutions Tracy Holtz, and Alvaka Networks chief operating officer and chief information security officer Kevin McDonald.More
Story image
Cybersecurity spending to increase following SolarWinds hacking
Hackers breached software provider SolarWinds, directly infecting the company’s Orion software as well as several local, state and federal agencies.More
Story image
IT professionals destroying end-of-life hardware over fears of data breaches - report
IT directors are destroying end of life tech hardware as opposed to erasing its data out of fear of making a mistake and facing data breaches.More
Story image
Palo Alto Networks advances attack surface management with Expanse
"By integrating Expanse's attack surface management capabilities into Cortex after closing, we will be able to offer the first solution that combines the outside view of an organisation's attack surface with an inside view to proactively address all security threats."More