‘The State of Application Security in UK Banking’ report by Jscrambler analysed UK banks’ and fintechs’ exposure to third-party risk and supply chain attacks
PORTO, Portugal, 23 JUNE, 2022 — Jscrambler, a technology company specialising in cybersecurity products for web and mobile applications, today announced a new report: ‘The State of Application Security in UK Banking’. Analysing a sample of banks and fintechs from the UK, Jscrambler’s dedicated research team have focussed on the security of the source code of each bank or fintech’s applications and analysed their exposure to third-party risk and software supply chain attacks.
Attacks such as phishing, ransomware, malware and banking trojans have been gaining momentum globally, resulting in the theft of user data and disruption of operations. In parallel, fintechs have been enjoying very rapid growth. With competition between players in the banking industry quickly mounting, development teams have had to cut time to market, which inherently increases the chance of security weaknesses being introduced into the web and mobile apps they develop. Ultimately, consumers are left at risk, and companies face regulatory, financial and reputational risks.
The key findings include:
- 40% of those that do use obfuscation are using very weak protection, with little resilience – attackers can easily reverse this by means of a de-obfuscator.
- 18% use anti-debugging protection at runtime – the vast majority of UK banking websites are not impeding threat actors from experimenting with the source code at runtime.
- 23 external domains (on average) receive data from banking apps – often, security teams are not aware that their applications are sending data to so many external domains.
The results presented in this report are based on an analysis conducted by Jscrambler’s security team between March and May of 2022. The sample of this analysis represents 11 banks and fintechs from the United Kingdom. The analysis refers to a series of tests carried out on the websites and mobile apps of these institutions, used by their own customers.
For more information about Jscrambler, visit www.jscrambler.com