Hackers target SME bank accounts



Ian Grant

The bank accounts of small and medium-sized companies became hackers' favourite target during the first half of 2010, according to the Web Application Security Consortium.

An analysis of web-hacking incidents by Trustwave's SpiderLabs security research team showed:

  • Attacks on small to medium businesses' (SMBs') online banking accounts pushed banks to number three as a hacker target
  • Banking Trojans were fast becoming a favourite tool to steal bank credentials
  • Application downtime was on the rise due to denial of service (DoS) attacks
  • Many organisations had not implemented proper web application logging mechanisms and were unable to identify and correct vulnerabilities.

The most common weaknesses are shown in the table below:

WHID Top 10 for 2010
1 Improper Output Handling (XSS and Planting of Malware)
2 Insufficient Anti-Automation (Brute Force and DoS)
3 Improper Input Handling (SQL Injection)
4 Insufficient Authentication (Stolen Credentials/Banking Trojans)
5 Application Misconfiguration (Detailed error messages)
6 Insufficient Process Validation (CSRF and DNS Hijacking)
7 Insufficient Authorization (Predictable Resource Location/Forceful Browsing)
8 Abuse of Functionality (CSRF/Click-Fraud)
9 Insufficient Password Recovery (Brute Force)
10 Improper Filesystem Permissions (info Leakages)
Source: Web Application Security Consortium (WASC)
