Your bank’s website and web apps are horribly insecure

by Cyber Amp, April 18, 2018

Bank fees and poor security.

If there's one thing the banking sector is good at, it's shoddy cybersecurity.

Next time you check your bank account online, think again. (Image: stock photo)

Bad news if you're one of the hundreds of millions of online banking users around the world. The chances are your bank's website and web apps are horribly insecure.

Researchers at security firm Positive Technologies, which has a commercial stake in securing web apps, tested 33 websites and services using its proprietary application inspector, and found that banking and financial institutions were “the most vulnerable” to getting hacked.

The banks and financiers at risk weren't named, but the fact that there was a 100 percent rate of vulnerability for a sector that handles people's money and finances doesn't bode well for the entire financial industry.

“A hacker can exploit these vulnerabilities to steal users' cookies, implement phishing attacks, or infect user computers with malware,” the researchers wrote.

For some attackers, exfiltrating and stealing data or denying service to users is one thing. But more sophisticated hackers use weak entry points to move laterally within a domain. If an attacker finds a local area network connection on a target server, they can move deeper into a network and compromise an entire company or government department's infrastructure, the researchers said.

It's how the massive data breach at Equifax is thought to have been carried out.


