Malware
There has been a rise in Mobile malwares designed specifically for applications on Mobile platform. Malware, once let in, can cause identity theft and data breach, which could lead to the stealing of personal and account information.
Due to COVID-19, many users access their organisation resources such as emails or files on one drive etc. on their personal mobile devices, if the users’ mobile device is compromised by malware this could result in potential breach to the organisation as sensitive information could be captured.
Third-party Apps
Many times, customers use third-party apps which do not have a strong security system. The third-party app can cause data breaches and information stealing. In worst-case scenarios, if you download the app from questionable sources, the chances are that the attacker may have created the app with threatening malware already embedded in it.
Man in the Middle and Session Hijacking
In this type of attack, the malicious actor acts as a third party and intercepts traffic between the user and the application of the financial organisation. If the data is not encrypted, it may lead to data breaches and session infiltrations.
Spoofing or Snooping Attacks
In this attack, the attacker can gain access to the company’s server or portal to request user parameters through a technique called snooping and then creates an attack script to send a forged request to the server.
Since the forged request has user traces or parameters, the server or the portal is forced to believe that the request is genuine and from the user. For instance, the attacker can intercept the session details between the user and the server of the application and launch a forged request initiating a financial transaction.
Injection Attacks
In these kinds of attacks, the attacker injects a malicious code in the network, which allows him/her access to all the user information from the database. Injection attacks are extremely dangerous as it may allow the attacker direct access to the database or underlying operating system and its configuration.
This would result in complete system takeover, and enable the attackers to execute arbitrary system commands.
Bank Fishing
These scams largely occur on unsecured third-party applications, which send in push notifications or app messages asking for your personal information. The messages may seem genuine but are embedded with a malicious code to extract personal information from the users.
There are many preventive measures on the individual level as well as on the organisational level to prevent scams and data infiltration.
To read this check original content source: Application Security in Financial Services