Over 90% of web apps can be subject to cyberattacks and data leaks — study

High-risk vulnerabilities have been detected in industrial sector apps, experts also note

MOSCOW, May 20. /TASS/. Nearly all web applications (98%) can be subject to cyberattacks, with data leaks revealed in 91% of apps, according to a Positive Technologies study released at the Positive Hack Days practical cybersecurity forum on Friday.

"According to a Positive Technologies study, criminals had a possibility to stage attacks on users in 98% of web apps under study. <…> And unauthorized access and data leaks have been exposed in 84 and 91% of apps," it said.

Threats of unauthorized access to users’ data were detected in 84% of the applications under study. In 72% of web apps, hackers can obtain access to software or content that is supposed to be inaccessible, such as other users’ profiles or the ability to change the free trial period.

Such attacks may result in the spread of malware, redirection to the hackers’ resources or even data theft by means of social engineering, the study says. The most dangerous vulnerabilities are flaws in user authorization and identification mechanisms.

"The results of protection analysis suggest that personal data may be exposed in 60% of applications, and user login details - in 47%, which is 13 and 16 pp higher than in 2019. Personal and user data are the targets for hackers, which is confirmed by the data of the analysis of cyberthreats in 2021," Fyodor Chunizhekov of Positive Technologies explained.

According to the study, high-risk vulnerabilities have been detected in industrial sector apps. Experts, however, note positive dynamics in the protection of industrial companies’ web apps, with the share of apps with a low level of protection falling more than threefold compared with 2019.

Around half of IT sector apps also have a low level of protection, the study indicates.

The study also revealed that the protection of e-commerce websites has improved, with no apps with a low protection level found.

Nevertheless, 67% of production apps of government institutions were assessed as having a low protection level, with the figure being about the same as in previous years.

Web apps with high-risk vulnerabilities accounted for 66% of apps in 2020, and 62% in 2021. Improper user authorization and the use of user-controlled keys to bypass authorization account for the majority of high-risk vulnerabilities. Seventy-two percent of the vulnerabilities exposed in the past two years stemmed from errors in web app code.

The study covered the results of the 2020-2021 analysis of the protection of web apps whose owners gave their consent to the use of their data for the purposes of the study.