Posts

The True Cost of Phishing Attacks

It is quite deceiving that something so vicious can be named after a treasured pastime. We love fishing, but this is not your grandfather’s weekend adventure. Phishing is a serious crime and one from which many are unable to recover. Phishing is not going away anytime soon. In fact, it is at an all-time high. We at Alliance Technology Partners want to warn you about the true cost of phishing attacks.

 

Phishing Statistics

According to the APWG Phishing Activity Trends Report, in the 1st quarter of 2014, the number of phishing sites jumped by 10.7 percent compared to the final quarter in 2013. In 2013, the number of brands targeted by criminals was 525 in the 4th quarter, and by the 1st quarter in 2014, that number reached 557. The first quarter of 2014 experienced the second highest number ever recorded in the first quarter since APWG began tracking and publishing the Phishing Activity and Trends Report.

 

Who are the Primary Targets?

Cybercriminals are not picky. They target any and all businesses and the customers who visit their sites, check their emails, and more. According to the same APWG report, at least 32.7 percent of personal computers were infected with some sort of spyware, malware or adware.

In the United States, we are the number one targets for criminals, as the US is the country with the highest number of phishing sites (APWG June 2014). Trojans are the number-one strain of phishing weapons. Trojans make up more than 70% of new malware strains and malware infections.

What is it criminals are after and what industries and consumers are affected? The agency reports payment services sites make up 47% of email subjects; 20% are financial service industries, and 20% include retail and service industries. The two common types of attacks are “spear phishing” and “whaling.”

Crimeware is a common malware code that infiltrates financial institutions to steal customer data and financial information. Generic and Data Trojans can be deployed to any company’s network—including yours—to collect all data that goes in and out of the company. If your company is not in the position to protect, detect, and prevent such attacks, the consequences can and will cripple your business and its brand.

 

What is the True Cost?

Wall Street and Tech reports that more than 70% of companies name the lack of security awareness as the number one threat against the company. Let’s be clear: there are more than financial costs on the line; your very operations are in jeopardy. Once a criminal gets into the system or accesses data, the costs soar. An organization can spend as much as $3.7 million per year addressing phishing attacks. Does your company have that kind of dough? Companies that experience data breaches can also lose money in the bank, they may have to pay legal fees and settlements, they may have to replace software and systems, and companies—if they survive—will have to repair their reputations as well. Revenue is lost, trust is lost, customers flee, and word-of-mouth prevents new clients from seeking your services.

 

Don’t become a phishing horror story. Talk to the professionals at Alliance Technology Partners about prevention, protection and strategies to combat phishing attacks.

Gartner recognizes Acunetix as a Challenger for Application Security Testing in 2015

Acunetix Receives 2nd highest product score for Manual Web Penetration Testing in Gartner’s 2015 Critical Capabilities for Application Security Testing Report

Gartner, Inc., the leading provider of research and analysis on the global information technology industry, has recognized Acunetix as a challenger, assigning Acunetix Web Vulnerability Scanner a score of 4.36 out of 5.0 in the Manual Web Penetration Testing Use Case, in Gartner’s most recent Critical Capabilities for Application Security Testing Report.

 

Reduce Web Vulnerability Scan Times

Business applications and websites are being routinely attacked and facing a number of threats from hackers looking to steal sensitive information. Luckily, we have the capabilities to ensure that your business website is secure and free of flaws that could be used by online criminals to infiltrate the system. This is done by running web vulnerability scans. The amount of time it takes to scan is very important, and if your vulnerability scan times are slow, it leaves you more vulnerable to a security breach. All it takes is one successful digital break-in by a cyber-criminal for them to access all your sensitive data.

 

Web Vulnerability Scan Times

A good response time is anything under 0.2 second, and a response time over 0.3 second is considered dangerously large, causing scans to take an excessively long time to complete. One of the most common reasons for slow vulnerability scanning times is the response time between the scanner and the target application or website. Of course, there are many things that can lead to a high response time and lengthen the time it takes to complete your vulnerability scan. Here we discuss ways to reduce web vulnerability scan times.
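One way to check a target against these thresholds before starting a scan, as an added example that is not part of the original post or of any Acunetix tooling. The function names, the "borderline" label for the band between the two thresholds, and the local test server are assumptions made for illustration.

```python
import statistics
import threading
import time
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

GOOD_MAX = 0.2  # seconds: the post's bound for a good response time
SLOW_MIN = 0.3  # seconds: above this the post calls it dangerously large
# Connect directly (no proxy) so the timing reflects the target itself.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def classify(seconds):
    if seconds < GOOD_MAX:
        return "good"
    if seconds > SLOW_MIN:
        return "slow"
    return "borderline"  # assumed label; the post does not name this band

def median_response_time(url, samples=5):
    """Median wall-clock time of complete GET requests to url."""
    timings = []
    for _ in range(samples):
        start = time.perf_counter()
        with OPENER.open(url, timeout=10) as resp:
            resp.read()
        timings.append(time.perf_counter() - start)
    return statistics.median(timings)

def start_test_server(delay):
    """Constructed local target that answers after `delay` seconds."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            time.sleep(delay)
            self.send_response(200)
            self.send_header("Content-Length", "2")
            self.end_headers()
            self.wfile.write(b"ok")
        def log_message(self, *args):  # keep the console quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d/" % server.server_port

if __name__ == "__main__":
    for delay in (0.0, 0.35):
        server, url = start_test_server(delay)
        t = median_response_time(url)
        print("delay=%.2fs median=%.3fs -> %s" % (delay, t, classify(t)))
        server.shutdown()
```

Pointing `median_response_time` at your own site from several network locations shows whether the delay comes from the server or from the path to it.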

 

Web Server Performance

Your web server simply might not be performing at its full potential, slowing down the scanning process. Start by looking at items like your hard disk access, CPU, memory, etc. Often this type of issue is solved after you upgrade your server. Be sure you’re upgrading to something that is able to meet the needs of your business and don’t settle for less.

 

Firewall Problems

A slow scan time could be because of your Intrusion Detection System, Web Application Firewall or network firewall. Make sure that your antivirus software is up to date. Firewalls are notorious for causing very long site response times.

 

Database Performance

Once you know that your web server is not slowing you down, consider the database. Slow response times may be solved once the database has been cleaned up and optimized. By doing these simple tasks, your system has fewer queries to go through every time a response is requested.

 

Bandwidth and Network Performance

When the network is busy, everything slows down. Your server might be in the middle of a bottleneck, and that will certainly affect your scan time. Try testing your server from several different locations to confirm this; then you can work on a resolution.

 

Seek Outside Assistance

You may try all of these tactics and still get slow response times. Seek outside assistance so you can customize your web vulnerability scan with the Acunetix Web Scanner Tool. Sometimes the whole website does not require scanning; instead, the scans can be divided into smaller segments. Acunetix Web Scanner Tool has several filtering options available to reduce web vulnerability scan times.

To learn more about reducing your scan time, contact us today. Our Acunetix trained engineers will be happy to assist you.

How Web Scanning Can Help With Web Security Pitfalls

The Internet is a vast place, full of intrigue and wonder – but also chock full of risk. More than 70 percent of all websites have vulnerabilities that could put your business at risk. More than 20 percent of those vulnerabilities are classified as critical, which have the potential to bring business operations to a screeching halt.

The Five Most Common and Significant Web Security Pitfalls, according to the Open Web Application Security Project (OWASP):

Injection – Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.

Broken Authentication and Session Management – Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities.

Cross-Site Scripting (XSS) – XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser, which can hijack user sessions, deface web sites, or redirect the user to malicious sites.

Insecure Direct Object References – A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.

Security Misconfiguration – Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. Secure settings should be defined, implemented, and maintained, as defaults are often insecure. Additionally, software should be kept up to date.
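Two of the pitfalls above, Injection and Insecure Direct Object References, shown as a vulnerable function beside its corrected form. This is an added example, not code from the original post or from OWASP; the `invoices` table, its rows, and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner TEXT, total REAL)")
    db.executemany("INSERT INTO invoices VALUES (?, ?, ?)",
                   [(1, "alice", 120.0), (2, "bob", 75.5), (3, "alice", 19.99)])
    return db

def find_by_owner_vulnerable(db, owner):
    # Injection: untrusted text becomes part of the SQL the interpreter parses.
    sql = "SELECT id FROM invoices WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def find_by_owner_safe(db, owner):
    # Bound parameter: the value is passed as data and never parsed as SQL.
    return db.execute("SELECT id FROM invoices WHERE owner = ?", (owner,)).fetchall()

def get_invoice_vulnerable(db, invoice_id):
    # Insecure direct object reference: any caller can read any id.
    return db.execute("SELECT id, owner, total FROM invoices WHERE id = ?",
                      (invoice_id,)).fetchone()

def get_invoice_checked(db, current_user, invoice_id):
    # Access control check: the row must belong to the authenticated user.
    return db.execute(
        "SELECT id, owner, total FROM invoices WHERE id = ? AND owner = ?",
        (invoice_id, current_user)).fetchone()

if __name__ == "__main__":
    db = make_db()
    untrusted = "x' OR '1'='1"  # constructed sample of hostile input
    print("concatenated query rows:", len(find_by_owner_vulnerable(db, untrusted)))
    print("parameterized query rows:", len(find_by_owner_safe(db, untrusted)))
    print("unchecked lookup of id 2:", get_invoice_vulnerable(db, 2))
    print("alice requesting id 2:", get_invoice_checked(db, "alice", 2))
```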

With the threat landscape continually evolving, it’s important to take steps to prevent would-be attacks and protect sensitive data.

Web Vulnerability Scanning is a method that uses tools to automatically scan web applications for known security vulnerabilities and deliver a report on the findings. The scans can be scheduled to run when it’s convenient and reports are broken down in a way that is easy to understand, thus enabling you to protect your business more effectively.