Major insurance companies in Europe recently found out that the architecture of their web applications contains several security weaknesses.
Major Insurance Companies And Their Security Threats - Report
The Web Application Security for Insurers Report for 2021 analyzed the web applications of Europe's top 10 insurance providers. The report used ADV Rating's list and found that every single insurance company had some degree of security vulnerability.
The report also uncovered that the top European insurers run over 7,600 internet-exposed web applications with more than 1,920 domains. It also disclosed that 3% of the domains are considered suspicious.
In addition, nearly 24%, or one in four, of the insurance companies' identified applications used old components containing already-known vulnerabilities that are easy to exploit.
Top 3 Attack Vectors of Major Insurance Companies in Europe
Based on the report by Outpost24, these are the top three attack vectors:
Degree of Distribution - The more pages an application has, the riskier it is. All pages have to be identified, and code vulnerabilities have to be uncovered at every level.
Page Creation Method - This vector primarily depends on the code with which the web application has been developed.
Developing websites with insecure code carries risk. Outdated software also increases the risk of vulnerabilities that attackers can easily exploit.
Active Content - When an application runs numerous scripts, its content becomes active. Depending on how the scripts are implemented, the attack surface can increase when a website is developed using vulnerable active-content technologies.
Outpost24's report also covers other security and compliance issues that revolve around cookie consent, basic SSL, and even privacy policy defects.
Ransomware Attacks on Insurance Companies
IT Security Guru believes that the issue is deeply concerning because web applications remain the largest source of data breaches.
It is no surprise, since these applications are complex and their attack vectors continuously present the possibility of serious vulnerabilities.
Several insurance companies have already experienced intense attacks from hackers who demanded ransom payments in return for their stolen data.
Recent ransomware attacks hit big names in the insurance industry, including US insurer CNA Financial, which was forced to pay $40 million to regain access to its systems, and AXA, which had 3TB of sensitive data leaked.
These security vulnerabilities currently make insurance companies easier targets for hacking groups.
What Should Major Insurance Companies Do?
Knowing that they are more susceptible to being attacked, both minor and major insurance companies need to examine their application attack surfaces closely.
Preventing attacks should be their top priority, especially against the most notorious and common attack vectors that the Outpost24 report revealed.
Doing this would enable their security teams and developers to strengthen and protect their attack surfaces. Insurance companies may also take the necessary steps to mitigate threats within their application footprints.
This article is owned by Tech Times
Written by Fran Sanders