Banks & Finservs, Among Most Targeted Sectors by Hackers

Banks and financial service organizations are among the most highly targeted segments by cybercriminals, receiving an average of almost a thousand attacks daily targeted at web apps, according to a new research report.

The study, “Web Application Attacks Statistics 2017,” from Framingham, Mass.-based enterprise security firm Positive Technologies, also saw an acute increase in cross-site scripting attacks against banking customers, wherein cybercriminals alter web page code.

The study described the chief tendencies, threats, and challenges related to web application attacks throughout 2017, in addition to outlooks for 2018. It also explained how weaknesses in web applications have allowed hackers to damage diplomatic relations, acquire patent lists from plastic surgery clinics, swipe huge sums from cryptocurrency exchanges, and execute other wide-ranging attacks.

The most common types of cyberattacks remained the same in 2017 as previous years, with cross-site scripting making up almost one-third of all incursions. Other prevalent attacks encompassed the capacity to gain access to data or execute commands on the server, including SQL injection, path traversal, local file inclusion, and remote code execution and OS commanding.

The most strongly targeted segments in 2017 were IT and finance (the latter including both financial institutions and e-procurement platforms), which had daily attack rates of 1,014 and 983 respectively. IT companies offer an appealing mark because of the passivity in penetrating a clients’ structure. The NotPetya ransomware outbreak, for example, started with an accounting software developer hack.

Web apps are a bank security weakness. Hackers, who can rip-off users of online banking or payment systems, continue to target bank sites to infiltrate inside and steal funds via banking systems.

Another dominant trend in 2017 was the boom in cryptocurrency and initial coin offerings. In most attacks on cryptocurrency exchanges and ICOs, hackers took advantage of poor web application safekeeping. Examples: attacks affecting CoinDash and Enigma Project, where hackers altered the cryptocurrency wallet address displayed on an ICO site so that investors would unknowingly transfer funds to an attacker-controlled wallet.

The report also mentioned government websites as a continuous mark for attackers in 2017, getting an average of 849 daily attacks per organization. Last February, hackers modified the websites of embassies and government authorities around the world to contaminate visitors’ computers with spyware. Later in the year, the site of the U.S. National Foreign Trade Council experienced a comparable occurrence.

Planting false news on normally reliable websites—such as the official page of a foreign ministry—can trigger scandals and international outrage. One such incident last year in Qatar made-up statements ascribed to the nation’s emir, leading to a diplomatic ruckus with other countries in the region. Hackers also seek the websites involved in presidential and parliamentary elections. The upcoming high-profile international event the 2018 World Cup, is likely to draw many attacks including denial-of-service and defacement attacks as well as incidents impacting users.

The report also described attacks on healthcare web applications, which on average received 731 attacks daily. In one incident involving a Lithuanian plastic surgery clinic, hackers published over 25,000 naked “before” and “after” photos of patients. The hackers demanded a ransom from both the clinic (EUR 344,000) and individual patients (up to EUR 2,000).