Data Leak Web Attacks Double, Abusing Governments, Banks, More

Written by Pam Baker
July 1, 2019

Government websites are taking the biggest hit, but banks, transportation and other verticals also are impacted.

Data leak web attacks doubled in 2018, according to a new Positive Technologies report. This type of attack accounts for 67% of attacks on government websites, and they are commonly used to stage targeted attacks later.

The Positive Technologies researchers note that “government institutions’ websites are still exposed to dangerous attacks aimed at gaining server control and stealing database information. This means gaining control of the attacked website, having access to the OS and to all files on the server.”

However, it was financial institutions that took the heaviest number of hits from web application attacks, followed by transportation and hospitality/entertainment. The three most common attacks are SQL injection, path traversal and cross-site scripting.

Positive Technologies’ Leigh-Anne Galloway

“Even the risks related to sites compromised are high; for instance, if the official bank site is used to distribute malware or stage phishing attacks, customers will be the first to be hit. Attacks on customers top the list of attacks on web applications of financial institutions,” said Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies.

“As regulation has leveled the playing field between fintechs and digital challengers, traditional banks’ market dominance is being threatened. Customers now have more choice on who to bank with and are more brand agnostic. This means traditional banks risk losing customers if their systems are not robust and secure,” Galloway added.

Surprisingly, attacks on banks are increasingly coming from nation states with the intent to harm rising well beyond theft to include bank or even economy crashes. According to a Carnegie Endowment for Intranational Peace report, the attackers behind 23 out of 94 financial cyberattacks since 2007 are believed to be state-sponsored, with the majority coming from countries like Iran, Russia, China and North Korea. The Carnegie’s Cyber Policy Initiative developed a timeline of the nation state attack trend.

“Increasingly, the attacks target the personal and payment data of customers. Most of 2018’s attacks (42%) were aimed at data theft. We also see attacks aimed at infecting a site with malware, which allows the hackers to reach more victims and use vulnerable sites for targeted attacks,” said Galloway.

The future doesn’t look poised to bring much relief. A recent report by BAE Systems and SWIFT predicts that criminals will stick with simple, tried-and-true methods like the Positive Technologies’ report notes, but will likely also include attacks on “foreign exchange markets, trade finance, securities and other areas, looking to make large gains in single intrusions or use persistent access to play the market over longer periods.”

The future is also gloomy for the public sector given the rise in nation state attacks and the cumulative effect of previous public and private sector data breaches. For example, the Government Accountability Office (GAO) reports that data breaches like that at Equifax are still posing great risks to four government agencies: the Department of Veterans Affairs, Centers for Medicare and Medicaid Services, Social Security Administration, and U.S. Postal Service. In another GAO report, the government agency found 10 critical actions are needed to address four major cybersecurity challenges across agencies.