Bank Robbing? There's a Vulnerable Web App for That

Gone are the days when criminals masked their identities and busted into a bank declaring, "This is a stick up!" According to Bank Attacks 2018, published today by Positive Technologies, cybercriminals are reaping big financial gains with relatively low risk by going online to rob banks. Analysis of information systems performed by the company for banks over the past three years found that attackers can obtain unauthorized access to financial applications at 58% of banks. While banks are well armed against external attacks with strong perimeter protections, they remain susceptible to insider threats, according to the report. "Whether by puncturing the perimeter with social engineering, vulnerabilities in web applications, or the help of insiders, as soon as attackers access the internal network, they find friendly terrain that is secured no better than companies in other industries," Positive Technologies wrote in a press release. Using techniques similar to those of the Cobalt gang, known for its attacks on financial institutions, penetration testers compromised the workstations used for ATM management at one-quarter (25%) of the banks tested.