The battle over Internet fraud generally
assumes that the industry at large is aware of the most popular hacking methods
that digital criminals like to use. However, a new study warns that defending
against and preventing business security breaches is harder than we all may
think.
According to BankInfo
Security, a new report contests that hackers generally attack where
businesses least expect it—and from where they are less likely to be detected.
The report is entitled “The Top Cyber Security Risks” and contains research
conducted by the SANS Institute, the Internet Storm Center, TippingPoint and Qualys. It reveals that the two most
popular weaknesses exploited by security hackers are online applications and
client-side applications. These areas are also among the least protected areas
of online business and often work hand-in-hand.
Web application exploitations account for more than 60
percent of all of the cyber attacks observed while researching the report.
These attacks turn trusted, secure websites into websites delivering content
that hosts client-side exploits. These exploits can be injected into everything
from multimedia content to simple PDFs and commonly downloaded documents. The clients
receive them en masse under the assumption that the website is secure, thus
completing the exploitation cycle.
Most businesses, however, overlook these areas when
performing scans and strengthening security measures. The report shows that
major businesses take twice as long to patch client-side vulnerabilities as
they do operation system vulnerabilities. Security professionals urge the
industry to recognize the report’s claims and make a swift change to protect
against web and client-side application exploits without taking attention away
from traditional security concerns.