Data Breach: Weak Configuration – Financial Services Firms
Weak Configuration: An Open Invitation for Cyber Exploitation
Technology devices don’t have a corner on weak configurations. System network configurations can be just as weak – especially when it comes to password protection. Weak configurations can be devastating to institutions holding large amounts of (sensitive) data such as financial services firms.
The Verizon Data Breach Investigations Report (DBIR), in fact, reported that four out of five breaches can be traced back to easily guessable passwords (e.g. a ‘123456’ password), and/or the lack of a static authentication system.
Even established institutions are prone to fall short in their efforts to mandate secure password best practices. Poor configurations are responsible for four major modes of attack, including:
1. SQL Injection
Hackers can use an injection attack to bypass a web application’s authentication and verification mechanisms to access private data.
Malicious code is inserted, or “injected,” into strings that are passed to an SQL server for parsing. This tricks the application into changing data or executing unintended commands – giving attackers full access to a database for the purpose of releasing its information or holding it hostage. An estimated one out of three Web attacks is launched via SQL injection.
To learn more about the danger of SQL injection you might want to read: A Brief SQL Injection History Lesson
2. CMS Compromise
Many institutions rely on some form of content management system (CMS) – WordPress or Joomla, for example – to share, publish and edit content. Unfortunately, these systems may contain vulnerabilities that are often exploited when left unpatched. These openings provide an entry point for attackers to install backdoor programs.
WordPress, despite being the most common CMS, is also one of the most vulnerable. One study revealed that 73% of all WordPress installations had one or more vulnerabilities that could have easily been detected using automated tools.
CMS solutions are inherently vulnerable because of their open frameworks. Many operators also use weak passwords, leaving their system susceptible to brute force attacks.
3. Backdoor Access
“Backdoor” essentially refers to any intrusion tactic that goes unnoticed. Hackers can use backdoor access to install malicious software or record user keystrokes, which gives them what they need to move freely around the unsuspecting victim’s network.
Systems are especially vulnerable to backdoor attacks when networks are accessed by multiple users. Attacks normally occur in stages, and backdoors are often used as a second point of entry or the third command-and-control stage of the attack process.
“Cyberattacks against financial services firms increased by over 70 percent in 2017, which reflects that the financial services sector is currently vulnerable to such attacks, states a recent report from Market Expertz. In the previous year, cyberattacks against the sector had increased by 60 percent.
The global cybersecurity in financial services market is expected to expand at an annual growth rate of 9.81 percent, leading to a global revenue of $42.66 billion by 2023, the report estimates.
Still, a Deloitte survey of 51 CISOs at U.S. financial services institutions in May suggests financial institutions aren’t spending enough to adequately defend against attacks.”
4. DNS Tunneling
Domain name system (DNS) tunneling is a way of encoding the data of other programs in DNS queries and responses. It is used to establish unintended communication channels to a command-and-control (C2) server and to carry out data exfiltration.
Since the DNS protocol is not intended for data transfer, it is often overlooked by security monitoring programs. As a result, the infiltration may go unnoticed for some time.
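The monitoring gap described above can be narrowed with simple statistics over DNS query logs. The following is an added example, not part of the original article: it flags parent domains that receive many unique, long, random-looking subdomain queries. The log entries, thresholds and function names are constructed assumptions, and the registered domain is approximated as the last two labels.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log: (client IP, queried name). Not real traffic.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"), ("10.0.0.5", "mail.example.com"),
    ("10.0.0.7", "api.example.com"), ("10.0.0.7", "cdn.example.com"),
    ("10.0.0.8", "login.example.com"),
    ("10.0.0.8", "static-assets-eu-west-1.example.net"),  # long, but a one-off
    ("10.0.0.9", "k7q2mz9x4bw1tn8v3hc6yd5f.tunnel-test.invalid"),
    ("10.0.0.9", "p3r8ja5u1gx7le2s9ow4ib6n.tunnel-test.invalid"),
    ("10.0.0.9", "z1c6vf2yq9d4hm7kt3xb8rw5.tunnel-test.invalid"),
    ("10.0.0.9", "e9n4sg1ul6a3po8ji2wy7mb5.tunnel-test.invalid"),
]

def shannon_entropy(text):  # bits per character of the character distribution
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def parent_domain(name):
    # Assumption: last two labels; production code should use the Public Suffix List.
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def score_domains(queries):
    """Per parent domain: unique subdomains seen, their mean length and entropy."""
    subs = defaultdict(set)
    for _client, name in queries:
        name = name.rstrip(".").lower()
        sub = name[: -len(parent_domain(name))].rstrip(".")
        if sub:  # skip queries for the bare parent domain
            subs[parent_domain(name)].add(sub.replace(".", ""))
    return {
        parent: {
            "unique_subdomains": len(payloads),
            "mean_length": sum(map(len, payloads)) / len(payloads),
            "mean_entropy": sum(map(shannon_entropy, payloads)) / len(payloads),
        }
        for parent, payloads in subs.items()
    }

def suspicious_domains(queries, min_unique=4, min_length=20, min_entropy=3.5):
    """Parent domains whose subdomains are numerous, long and random-looking."""
    return sorted(
        parent for parent, s in score_domains(queries).items()
        if s["unique_subdomains"] >= min_unique and s["mean_length"] >= min_length
        and s["mean_entropy"] >= min_entropy
    )
```

Calling `suspicious_domains(SAMPLE_QUERIES)` flags only the constructed `tunnel-test.invalid` domain. The thresholds are starting points to tune against your own baseline, since some legitimate services also generate long, hashed hostnames.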
Don’t allow a data breach to occur due to weak network configurations. Fairdinkum employs a combination of cutting-edge techniques to keep your network and data safe including security scans and monitoring, penetration tests, and security training to ensure that your data is safe with us.
You may want to read 5 Things Financial Firms Need To Know About Cyber Security.