TechTarget

Hackers target SME bank accounts

The bank accounts of small and medium sized companies have become hackers' favourite target during the first half of 2010, according to the Web Application Security Consortium.

An analysis of web-hacking incidents by Trustwave's SpiderLabs security research team showed:

  • Attacks on small to medium businesses' (SMBs') online banking accounts pushed banks to number three as a hacker target
  • Banking Trojans were fast becoming a favourite tool to steal bank credentials
  • Application downtime was on the rise due to denial of service (DoS) attacks
  • Many organisations had not implemented proper web application logging mechanisms and were unable to identify and correct vulnerabilities.

The most common weaknesses are shown in the table below:

WHID Top 10 for 2010
1 Improper Output Handling (XSS and Planting of Malware)
2 Insufficient Anti-Automation (Brute Force and DoS)
3 Improper Input Handling (SQL Injection)
4 Insufficient Authentication (Stolen Credentials/Banking Trojans)
5 Application Misconfiguration (Detailed error messages)
6 Insufficient Process Validation (CSRF and DNS Hijacking)
7 Insufficient Authorization (Predictable Resource Location/Forceful Browsing)
8 Abuse of Functionality (CSRF/Click-Fraud)
9 Insufficient Password Recovery (Brute Force)
10 Improper Filesystem Permissions (Info Leakages)
Source: Web Application Security Consortium (WASC)
