Banking and finance sites have the greatest risk for getting hacked, a new report says.
worst vulnerabilities were found in banking and finance web applications tested by Positive Technologies, a firm that provides internet security products for businesses.
“Greater complexity results in more opportunities” for hackers, according to the Positive Technologies report, which said banking applications are some of the most complex.
The hackers primary target is the average user. “The number-one threat is attacks that target web application users,” the report said. A whopping 87 percent of banking web applications tested by Positive Technologies were susceptible to these attacks.
Government app users are also big targets because they tend to be less security-savvy, making them easy victims, the said.
“We gained access to personal data of 20 percent of the applications that process user information, including bank and government websites,” the report added.
The most common vulnerability was Cross-Site Scripting, which allows attackers to perform phishing attacks, which can result in malware infection. In a phishing attack, the hacker sends, for instance, an email pretending to be a trusted entity like a bank or major shopping site, hoping to dupe you into clicking on the malicious link.
Denial of service (DOS) attacks – which block access to a website or service – are common. In 75 percent of e-commerce web applications, there are vulnerabilities enabling DoS attacks, Positive Technologies said.
“Denial of service is especially threatening…High-profile e-commerce web applications receive large amounts of daily visits, increasing the motivation for attackers to find vulnerabilities to turn against users,” the report said.
Employees are weak links
In a separate report released earlier this month, Positive Technologies said employees are often the gateway for attacks.
An alarmingly high percentage of employees download malicious files, click phishing links and even correspond with hackers, the report said.
Positive Technologies testers pretended to be hackers by sending emails to employees with links to websites or forms that required password entry, the report said. Of the 3,332 messages sent, 17 percent of these messages would have led to a compromise of the employee’s computer and possibly, the entire company.
The most effective method was to send an email with a phishing link. In that case, 27 percent of recipients clicked on the link. “Users often glance over or ignore the address, leaving them unaware that they are visiting a fake website,” the report said.
Source: New Your Post
You may think it’ll never happen to you. You read the news, hear about stories of a friend of a friend, but you never think that you’ll become a cautionary tale— that’s where you’re wrong.
Reached out to your IT guys immediately.
Companies are struggling to fend off cyber attacks as hackers get faster, sneakier and more creative.
A lot more than initially state
“Since you’ve installed Smart PSS AI Cameras at The Masters, Security here has been able to perform our job more efficiently! From catching dog walkers going through the Front Lobby, catching smokers on the property, to being able to talk to people parked in our roundabouts! This has made it easier to catch infractions and interact people, the camera’s AI has helped a lot as well with automated messages being given out to people idling in our roundabouts as I’ve have noticed people turn around and look at the camera and then move their car after hearing the custom pre-recorded message of my voice, which I feel gets more attention than a robotic voice. The system was easy to understand when either setting up new or editing “No Parking” zones, to recording and finding footage I’ve had no difficulty in operating this system!”
“I recently engaged TL Skynet to install new Artificial Intelligent (A.I) cameras on all exterior Lobby Entrances of the condominiums I manager in Toronto. The camera were recommended by TL Skynet to address the particular security needs facing these condos. Their unique solution not only addressed these security issues, but the product itself far exceeded expectations in performance and reliability. The team at TL Skynet were hands on during the installation and instruction process, making the new system's implementation seamless. Multiple instruction sessions were provided by TL Skynet, that were straight forward and easy to understand. Assistance has always been provided in a timely manner, addressing the issue, or providing an alternative solution thus preventing any loss of data or business operations due to down time. There is no other company I would trust with the corporation's security and IT needs than TL Skynet.”