Big Banks Vulnerable to Web, Mobile Attacks
Wednesday, July 10, 2019
According to the findings, 85 e-banking web applications failed a GDPR compliance test and 49 failed a PCI DSS test. “Only three main websites (Credit Suisse, Danske Bank and Handelsbanken) out of 100 had the highest grades 'A+' both for SSL encryption and website security,” the report said.
“Given the non-intrusive nature of the research and formidable resources available to the top banks studied in the research, the findings urge financial institutions to revise their existing approaches to application security,” said Ilia Kolochenko, CEO and founder of ImmuniWeb.
“Most of the data breaches involve or start with insecure web and mobile apps that are too frequently under prioritized by future victims. Unfortunately, most cybersecurity teams today carry a burdensome duty to meet compliance and regulatory requirements as the first priority and simply lack available resources to tackle other essential tasks. Eventually, they become low-hanging fruits for cybercriminals.”
Researchers detected 29 active phishing campaigns targeting customers of the financial institutions. “Phishing websites either spread banking malware aimed to steal e-banking credentials or provide fraudulent login forms aimed to steal victim’s credentials. Most of the malicious websites were hosted in the US,” the report said. Read Full Article
Search Security: British Airways security incident garners record GDPR fine