Top US credit unions have multiple web app security problems

One in ten web applications are running on old components that contain known vulnerabilities

Security researchers have discovered problems in the web applications deployed by the top ten credit unions in the US.

Researchers at Outpost24 analyzed the top US credit unions’ web application attack surface to evaluate their security. They found 1,224 publicly exposed web applications running over 107 domains, with 10% running on old components containing known vulnerabilities.

Outpost24 selected its US Credit Unions list based on a Segmint list of the Largest US Credit Unions by Assets. Researchers examined each union’s public-facing web security environments against the seven most common attack vectors hackers use during reconnaissance to assign a risk score between one and 100. The risk score comprised security mechanisms, page creation methods, degree of distribution, authentication, input vectors, active contents, and cookies.

The research found that the top three attack vectors against the US credit unions were active content technologies, followed by authentication and page creation methods.

“It’s no big surprise to see Active Content Technologies (ACT) as the biggest scorer. As soon as an application runs scripts, the attack surface could increase if a website has been developed using multiple active content technologies, some more vulnerable than others, to build and create their applications,” said Nicolas Renard and Stephane Konarkowski, security consultants at Outpost24.

Researchers said that, overall, the attack surface score for the top ten credit unions was 16.39 out of 58.24. However, research showed the worst offender from the top ten returned a disproportionately higher attack surface score of 34.08, outweighing everyone else on the list and showing a great disparity in the security posture between credit unions.

However, this score was significantly lower when compared to US retailers, which scored 48.3. According to the researchers, this is likely because credit unions operate under a highly regulated business model that requires them to demonstrate a standard level of security hygiene to protect company assets and customer data against cyber criminals.

Researchers also examined the components used to develop the web applications and discovered there were, on average, 17 instances of open port 80 among the credit unions. They said an open port can be dangerous when the service listening on it is misconfigured, unpatched, vulnerable to exploits, or has poor network security rules.

Researchers said it is essential for security teams to identify open ports and close unused ones or install firewalls on hosts to monitor and filter port traffic to “prevent any security issues from creeping in.”
