Everything you should know about Web Portal Security
In July 2021, more than 30,000 members of Jacksonville-based health insurer Florida Blue were alerted about a cyberattack. The attackers compromised the payer’s user database, which exposed the members’ personal information. How did this happen?
In June, the insurer’s IT security team reported several unauthorized login attempts, which, upon further investigation, was confirmed to be a cyber spoofing attack. Threat actors used a large database of credentials which were “compiled from third-party websites where ID and password information were previously compromised.” They then tried to brute-force their way into Florida Blue’s online member portal.
The breach was reported to HHS, and Florida Blue has implemented better tools to secure its web portal security. Additionally, affected customers were offered two years of identity theft protection services.
Here, we will discuss the importance of web portals, especially in the public sector, popular cyberthreats targeting web security, and how to defend against them.
The significance of web portals
Web portals create an integrated system by collecting data from various sources and presenting it to the user with the information required to perform certain functions. They offer personalized access to users who are required to enter login credentials in order to access the data. With the pandemic restricting several organizations’ workforce to remote working, web portals took on the additional role of providing employees with a secure platform to communicate and collaborate effectively.
Several industries within the public sector utilize web portals – hospitals, governments, and schools to name a few. These institutions often have to manage large amounts of personal data and public requests. Filing and recording them physically would be cumbersome as well as unsafe. As such, using web portals is often seen as an ideal and efficient alternative system. However, as the public sector becomes more technologically advanced, the frequency and sophistication of cyberattacks grow in parallel.
Cyber vulnerabilities in web security
While web portals are increasingly used to improve efficiency and user experience, they have a set of vulnerabilities that the public sector must be aware of and strive to address. Here are a few of them:
- Broken authentication: This vulnerability mainly occurs due to negligence. For example, a user on a public computer doesn’t log out of a portal after their session is completed but, rather, just closes the web application tab. Or, a user may not clear their cookies after the session has ended, causing sensitive data like usernames and passwords to be stored in the system. This could easily be exploited by a cybercriminal looking to steal data or cause other attacks.
- Insecure Direct Object References: When a reference to any internal object such as user information, files or, a database key (in URL or FORM parameter) is exposed, cybercriminals can exploit this vulnerability to their advantage.
- Cross-Site Request Forgery (CSRF): Here, requests are sent along with the victim’s session cookies and other relevant automated information to a vulnerable web platform where the victim is logged in. An attacker can then send a malicious link which, when opened, triggers a reaction, giving the attacker access to the victim’s information.
Major cyberattacks targeting web applications
Injection attacks occur due to injection flaws. These flaws refer to the failure to filter untrusted input before processing it. Threat actors can take advantage of this vulnerability and insert malicious codes into the application or server to gain access to a database which they can then exploit. SQL, OS command, and LDAP attacks are the most common types of injection attacks.
Cross-Site Scripting (XSS) is caused by injection vulnerabilities. Malicious codes are injected by threat actors onto a web platform’s database. When a user tries to access their data, the malicious code will be executed, allowing threat actors access to the user’s session cookies and other automated information which can be used to launch other attacks.
In a DDoS (Distributed Denial of Service) attack, the intent is to disrupt a server or network’s normal flow of traffic by using spoofed IP addresses to send large packets of data. This high traffic volume overwhelms the target, eventually crashing it. This type of attack blocks organizations from accessing their networks and greatly affects their operational activities.
In spoofing, an attacker can intercept communication between two computers by creating different IP packets and modifying the sender’s IP address to look like theirs.
A brute force attack is a trial-and-error hacking method where a threat actor attempts to gain unlawful access to a target’s account by repeatedly trying out a large combination of passwords, decryption keys, or login credentials.
Zero-day attacks exploit a vulnerability in an existing operating system or software to gain access to a device or network and infect it with malware. The product’s developers are not aware of this vulnerability, which is why, when discovered, the developers have zero days to address it.
How to maintain web portal security in the public sector
1. Educate your employees on web portal security, the dangers of unchecked vulnerabilities, and the possible cyberattacks that may occur as a result. Conduct regular training and testing to ensure they are aware of the security protocols to be followed.
2. Teach your employees the importance of good password etiquette. This includes using strong, unique, and different credentials across all accounts. Additionally, employ encryption tools, multi-factor authentication, CAPTCHAs, etc. for added security.
3. Regularly update all portal software and applications to the latest requirements to eliminate any vulnerabilities that cyber attackers could use to their advantage. Employ endpoint security programs and solutions to ensure added security on all system devices.
4. Public sector systems contain a lot of critical and personal data. As such, they should be stored on secure platforms with limited access given only to trusted employees. Additionally, consider switching data storage from locally, on your systems, to securely in the cloud.
5. Remove inactivated accounts from your organization’s systems. Moreover, implement effective policies on how to manage data that is not in use anymore.