
Hackers target SME bank accounts

Ian Grant

The bank accounts of small and medium-sized companies became hackers' favourite target during the first half of 2010, according to the Web Application Security Consortium.

An analysis of web-hacking incidents by Trustwave's SpiderLabs security research team showed:

  • Attacks on small to medium businesses' (SMBs') online banking accounts pushed banks to number three as a hacker target
  • Banking Trojans were fast becoming a favourite tool to steal bank credentials
  • Application downtime was on the rise due to denial of service (DoS) attacks
  • Many organisations had not implemented proper web application logging mechanisms and were unable to identify and correct vulnerabilities.

The most common weaknesses are shown in the table below:

WHID Top 10 for 2010
1 Improper Output Handling (XSS and Planting of Malware)
2 Insufficient Anti-Automation (Brute Force and DoS)
3 Improper Input Handling (SQL Injection)
4 Insufficient Authentication (Stolen Credentials/Banking Trojans)
5 Application Misconfiguration (Detailed error messages)
6 Insufficient Process Validation (CSRF and DNS Hijacking)
7 Insufficient Authorization (Predictable Resource Location/Forceful Browsing)
8 Abuse of Functionality (CSRF/Click-Fraud)
9 Insufficient Password Recovery (Brute Force)
10 Improper Filesystem Permissions (info Leakages)
Source: Web Application Security Consortium (WASC)

