Under Attack: FIs & Finservs, Among Most Targeted Sectors by Hackers
Web applications are a weak spot in bank security.
Financial services and institutions are among the most highly targeted sectors by cybercriminals, receiving an average of 983 attacks daily targeted at web apps, according to a new research report.
The study, “Web Application Attacks Statistics 2017,” from Framingham, Mass.-based enterprise security firm Positive Technologies, also saw a sharp rise in cross-site scripting attacks against banking customers, wherein cybercriminals alter web page code.
The research detailed the main trends, threats and challenges related to web application attacks throughout 2017, as well as expectations for 2018. It also described how vulnerabilities in web applications have enabled hackers to harm diplomatic relations, obtain lists of patients at plastic surgery clinics, pilfer vast sums from cryptocurrency exchanges, and perform other far-reaching attacks.
The most common types of cyberattacks remained the same in 2017 as previous years, with cross-site scripting constituting nearly a third of all attacks. Other popular attacks involved the ability to access data or execute commands on the server, including SQL injection, path traversal, local file inclusion, and remote code execution and OS commanding.
The most intensely targeted sectors in 2017 were IT and finance (the latter including both financial institutions and e-procurement platforms), which had daily attack rates of 1,014 and 983, respectively. IT companies offer an appealing mark because of the possibility of piercing their clients’ infrastructure. The NotPetya ransomware outbreak, for example, began with the hack of an accounting software developer.
Web applications are a weak spot in bank security. Attackers, lured by the funds they can steal from users of online banking or payment systems, continue to target financial institution sites to penetrate internal infrastructure and steal funds via banking systems.
Another dominant trend in 2017 was the boom in cryptocurrency and initial coin offerings. In most attacks on cryptocurrency exchanges and ICOs, hackers took advantage of poor web application security. Examples include the attacks affecting CoinDash and Enigma Project, in which hackers altered the cryptocurrency wallet address displayed on an ICO site so that investors would unknowingly transfer funds to an attacker-controlled wallet.
The report also cited government websites as a constant target for attackers in 2017, receiving an average of 849 daily attacks per organization. Last February, hackers modified the websites of embassies and government authorities around the world to feature a script that infects visitors’ computers with spyware. Later in the year, the site of the U.S. National Foreign Trade Council underwent a similar attack.
Planting untrue news on trusted websites, such as the official page of a foreign ministry, can spark scandals and international outrage. One such attack recorded last year in Qatar fabricated statements attributed to the country’s emir, leading to a diplomatic row with other countries in the region. Hackers also target websites involved in presidential and parliamentary elections. The upcoming 2018 World Cup, being a high-profile international event, is likely to draw many attacks, including denial-of-service attacks, defacement attacks and attacks against users.
The report also described attacks on healthcare web applications, which on average received 731 attacks daily. In one incident involving a Lithuanian plastic surgery clinic, hackers published over 25,000 unclothed “before” and “after” photos of patients. Initially the hackers demanded a ransom from both the clinic (EUR 344,000) and individual patients (up to EUR 2,000).
Positive Technologies analyst Ekaterina Kilyusheva described actions businesses should take to protect themselves: “As we have seen from attacks across all sectors, ensuring maximum security for a web application requires auditing through all stages of development and after it is put into production. It is critical to regularly install any updates available for web application components and use a web application firewall, which is an essential prevention measure. Without a WAF, hackers can successfully attack within the window of time before vulnerabilities are fully patched.”