Over 95 percent of web apps can be subject to cyberattacks and data leaks: study
New Delhi: Nearly all web applications (98 percent) can be subject to cyberattacks, with data leaks revealed in 91 percent of apps, according to a Positive Technologies study released at the Positive Hack Days practical cybersecurity forum on Friday.
“According to a Positive Technologies study, criminals had a possibility to stage attacks on users in 98 percent of web apps under study, and unauthorized access and data leaks have been exposed in 84 and 91 percent of apps,” it said.
Threats of unauthorized access to users’ data were detected in 84 percent of applications under study. In 72 percent of web apps, hackers can obtain access to functionality or content that is supposed to be inaccessible, such as other users’ profiles or the ability to change the free-trial period.
Such attacks may result in the spread of malware, redirection to the hackers’ resources, or even data theft through social engineering, the study says. The most dangerous vulnerabilities are flaws in user authorization and identification mechanisms.
“The results of protection analysis suggest that personal data may be exposed in 60 percent of applications, and user login details – in 47 percent, which is 13 and 16 pp higher than in 2019. Personal and user data are the targets for hackers, which is confirmed by the data of the analysis of cyber threats in 2021,” Fyodor Chunizhekov of Positive Technologies explained.
According to the study, high-risk vulnerabilities have been detected in industrial sector apps. The expert, however, notes positive dynamics in the protection of industrial companies’ web apps, with the share of apps with a low level of protection going down by more than three times in 2019.
Around half of IT sector apps have a low level of protection too, the study indicates.
The study also revealed that the protection of e-commerce websites has improved, with no apps found to have a low protection level.
Nevertheless, 67 percent of production apps of government institutions were assessed as having low protection levels, a figure about the same as in previous years.
Web apps with high-risk vulnerabilities accounted for 66 percent of apps in 2020, and 62 percent in 2021. Improper user authorization and the use of user-defined keys to bypass authorization account for the majority of high-risk vulnerabilities. Seventy-two percent of exposed vulnerabilities in the past two years stemmed from errors in web app code.
The study covered the results of the 2020-2021 analysis of the protection of web apps, whose owners gave their consent for the use of their data for the purposes of the study.
(Vinayak)