Top 3 Most Expensive Financial Software Vulnerabilities

In today’s modern world of Technology, new forms of cyber-attacks and theft are constantly evolving.

We have asked Andrew Polyansky, leading developer of financial software development department of Elinext to review three most recent, and modern methods of financial software intrusion and theft through various banking and retail systems.

1. Structured Query Language (SQL) Injections and Data Extraction – SQL injection is when a user or users inject data requests and commands through a Web form input box or other intake module to command and extract data from a server and it’s variables—commonly personal information, transactions, etc. SQL injections also allow, in some instances, the ability to enact specific actions within the database itself—leading security experts or the business in question to believe the command(s) and incident(s) were internal. But in fact, these attacks could be completed from anywhere in the world given the right circumstances. A recorded event demonstrating the caliber of potential of said coding vulnerabilities would be the Heartland Payment Systems attack of 2008. This incident involved the extraction of over 134 million credit cards through spyware (think: commanded installation and operation) assembly and application within the payment system to steal data.
2. Encryption and Firewall susceptibility – Data-Encryption (also known as ‘cipher text’) by definition is the assembly of security measures in which a file or data is password protected. Capturing packets in cyberspace (mid-air) with software’s such as Winsock Packet Editor, given the right circumstances and experience, can allow an individual to capture, take apart, and with the right tools break into otherwise protected packets or files of information—commonly containing passwords, financial statements, details, transactions, names, and addresses. Firewalls on the other hand, by definition, are an added layer of protection to prevent unauthorized access inward of a network or computer, while still allowing outward data communications. An example of a worst-case scenario of Encryption and Firewall breach is the TJX Companies Inc. theft of 94 million credit cards in 2006. The data-capture was presumably committed during the unprotected or under protected transaction of customer purchase data through a wireless connection of Marshals’ retail stores.
3. Multiuse Zip/Unzipping Software ALZip (ESTsoft) -The ALzip compression application is used to create and compress multiple zip files of over 40 types (such as ZIP, EGG, RAR, etc.) and protect them with various forms of encryption methods such as AES-128bit/AES-256bit encryption. Zip files may be converted to 8 different formats. A prime example of security breach and vulnerabilities in this software occurred between July and August of 2011. Presumably, (Chinese) hackers attacked a South Korean server administratively in-charge of ALZip and compromised access, by uploading malicious software and actions through the update database. Due to this, the personal information of over 35 million South Koreans was compromised.

As society continues to develop, thus does technology. As new forms of technology arise, likewise will the development of malicious methods to extract or otherwise steal personal information and access to personal funds. What the future holds in the world of cyber-money and transactions is unknown, but it’s evident that there is a global threat of said information to-date.