The government's Cyber Crime Reduction Partnership and technology industry trade association techUK has revealed the top ten most common online security pitfalls, and what users can do to protect themselves.
Penetration tests conducted over the last 12 months demonstrated that although there are new threats emerging, well known and understood vulnerabilities are still the most common, as Gordon Morrison, director of tech for government at techUK explains.
'These threats may not be new, but all still post a real risk to UK web users,' says Morrison. 'The good news for businesses and citizens is that there are well established fixes available to protect against these vulnerabilities and avoid falling victim to cyber crime.'
The level of cyber threat to UK businesses is significant, with some attacks causing more than £1 million in damage in 2014. 87% of small firms experienced a security breach, and 93% of large organisations had also been targeted.
A new report, Securing Web Applications and Infrastructure, identifies the problems being detected most recently by the security industry, the harm they can cause and what to do to avoid them, so the impact and cost of cyber crime to the UK can be reduced.
The top ten threats online today
Account weaknesses, and especially a weak password policy
This includes concurrent logins being enabled and default passwords being used. However the most common issue was a weak password policy.
A weak password policy could allow unauthorised access to the application or the wider system, resulting in severe compromise or gaining of root privilege.
Secure Sockets Layer (SSL) issues
SSL provides a secure connection between the browser and the specific server (domain). It ensures data is encrypted and authenticates between the two connections. However, tests consistently show insecurities, from weak ciphers in use, to self-signed and expired certificates.
Poor implementation can lead to user password and data compromise through ‘man in the middle’ attacks/eavesdropping.
Cross site scripting (XSS)
XSS is one of the most common vulnerabilities which enable attackers to inject executable code into Web pages.
A cross-site scripting vulnerability may be used by attackers to bypass access controls and hence compromise the application or gain access to the wider system.
Clear test protocol in use
It is good practice to test applications and systems in general. However, leaving evidence such as ‘test harnesses’ could be highly useful to an attacker, as it may demonstrate where a vulnerability exists.
Depending on the vulnerability exposed, then application compromise and/or access to the wider system.
No brute force protection
Brute force may be used to attack an application in a simplistic but sometimes very effective way. Passwords and/or encryption keys may be guessed and automated tools deployed against them.
Access to the application will compromise it and perhaps give access to the wider system.
This means discovering the directory structure of a web page or being able to identify files that are normally hidden is of use to an attacker.
The attacker may be able to exploit a particular file or use the directory listing toimprove their chance of success in compromising the system or application.
No ‘clickjacking’ protection
Malicious code or a malicious link is positioned over a legitimate link via a transparent web layer to ‘highjack’ it to take the user somewhere else other than that intended or execute malicious code.
Depends on the malicious code or link deployed but will compromise the user or system.
Cookies – not marked HTTP only or not marked as secure
This means the cookie could potentially be stolen by an attacker who can successfully intercept and decrypt the traffic or following a successful MITM (Man in the middle) attack.
This cookie will be transmitted over a HTTP connection, therefore if this cookie is important (such as a session cookie) an attacker might intercept it and hijack a victim’s session. If the attacker can carry out a MITM attack, they can force thevictim to make a HTTP request to steal the cookie.
Host configuration issues, especially firewall issues and IP leakage
There are a range of issues found in host configuration but the most common are firewall vulnerabilities and exposure of the user’s IP address, which is highly useful information to an attacker. Badly written applications can leak this information.
The IP address can be used to launch and direct other exploits or attacks such as denial of service. Leakage of the IP address also has privacy implications for the consumers of web applications.
Information disclosure, and especially user enumeration
Attacker may determine the username or password and thus compromise the application or system.