Hackers have exploited a web application vulnerability on a FastBooking server to install malware and pilfer data – such as names, email addresses, booking information and payment card data – on guests at hundreds of hotels.
Mark Noctor, VP EMEA at Arxan Technologies, comments on this latest breach and explains just how risky application vulnerabilities are for a business.
Mark Noctor, VP EMEA at Arxan Technologies:
“This most recent exploited web app vulnerability is not a huge surprise to us, yet most people do not realise just how many vulnerable applications exist. Even yesterday’s Gartner report on Application Shielding highlighted that, within businesses, “developers rarely feel their applications could be targets”.
In our recent report, it became clear that application breaches are rising, with nearly 75% of organisations having likely experienced a material cyberattack or data breach within the last year due to a compromised application. Surprisingly, however, only 25% said their organisation has plans to invest in solutions to prevent application attacks.
It is extremely worrying that so many companies do acknowledge the increasing risk of application attacks, and yet they are still doing very little to prevent breaches from occurring. Businesses need to realise that applications pose a very real and very dangerous risk and they need to start investing more time and money into preventing such attacks.
What FastBooking’s breach does show is that web apps are most definitely vulnerable to attacks and it is vital that companies not be complacent, even if they have been consistently running their web apps without problems. Even if an organisation has scanned everything for vulnerabilities or has been running its website without problems for years, it is best practise to use a modern code hardening tool on your code to prevent such breaches.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.