A new study has just revealed critical cybersecurity issues affecting the internet in France: 100% of major French companies' websites show security vulnerabilities. Even worse, 60% of them have at least one serious flaw which cybercriminals can use to exploit huge amounts of data.
While this is not really a surprise, the problem had not been seen as so serious. The study, released by Wavestone, a web security firm, draws on audits carried out between June 2015 and June 2016 for 82 companies among the 200 largest in France, and it is eloquent. None of the 127 tested sites – 84 websites and 43 private corporate network sites, respectively – passed the test. All of the sites had at least one of the 47 vulnerabilities tested.
50% of the publicly accessible websites even contain at least one serious flaw: they enable hackers to collect, in an automated way, all the data available on the site.
Among these so-called serious flaws, the most common, affecting 44% of sites, are partitioning problems. This means that these sites allow a hacker to simply access another user's data on the site, or to access the website root. “For example, on a bank site, it was possible to view the sessions of other people who were online at the same time, very simply, from a hacked account,” said Gérôme Billois, a security expert at Wavestone.
Another serious flaw, found on 37% of the sites, is the ability to run malicious code. This is usually done through a poorly protected attachment system. For example, an insurer may let its customers report a claim online by sending a PDF or a photo. However, if this feature is poorly protected, a cybercriminal can easily send a corrupt file. This file will then launch a malicious program on the site's server, which will allow the attacker to take control of the site and then to infiltrate other areas of the targeted company's computer system. “An attacker can thus easily take control of a server and access the service database, which is rarely encrypted because the server needs access to some clear information,” said Gérôme Billois.
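The study does not describe how the audited upload features were built. The following is an added example (not code from Wavestone or from any audited site) of the server-side checks that a claim-attachment upload like the insurer's needs; the function names, size limit and accepted file types are assumptions.

```python
import secrets
from pathlib import PurePosixPath

MAX_BYTES = 5 * 1024 * 1024  # assumed size cap for one attachment

# Allow-list: final extension -> leading bytes ("magic numbers") it must start with.
ALLOWED = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}

class RejectedUpload(ValueError):
    """Raised when an attachment fails a check."""

def validate_claim_upload(client_name: str, data: bytes) -> str:
    """Return a server-chosen storage name, or raise RejectedUpload."""
    if not data or len(data) > MAX_BYTES:
        raise RejectedUpload("empty or oversized file")
    # Only the last extension counts, so "claim.pdf.php" is treated as ".php".
    ext = PurePosixPath(client_name.replace("\\", "/")).suffix.lower()
    signatures = ALLOWED.get(ext)
    if signatures is None:
        raise RejectedUpload(f"extension {ext!r} is not allowed")
    # The content must look like what the extension claims to be.
    if not data.startswith(signatures):
        raise RejectedUpload("content does not match extension")
    # The client's name and path are discarded; the server picks a random name.
    return secrets.token_hex(16) + ext

def is_accepted(client_name: str, data: bytes) -> bool:
    try:
        validate_claim_upload(client_name, data)
        return True
    except RejectedUpload:
        return False

if __name__ == "__main__":
    # Constructed sample uploads, not taken from the study.
    samples = [
        ("claim.pdf", b"%PDF-1.7\n(constructed)"),
        ("photo.jpg", b"<?php /* constructed */ ?>"),
        ("claim.pdf.php", b"%PDF-1.7\n(constructed)"),
        ("../../www/claim.pdf", b"%PDF-1.7\n(constructed)"),
    ]
    for name, body in samples:
        print(f"{name!r}: {'accepted' if is_accepted(name, body) else 'rejected'}")
```

A matching signature does not prove a file is harmless, so accepted files should still be stored outside the web root, in a location the server never executes from.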
Some flaws rated as medium are far from negligible. The major difference from serious flaws is that the data can only be intercepted in a complex, non-automated way. This is the case for what specialists call “cross-site request forgery”, to which over 60% of the French sites studied are vulnerable. In fact, if a user browses a corrupt website and leaves other tabs open within the same browser (Chrome, Firefox, Internet Explorer…), a hacker can then access all visible data on the different tabs – including sensitive data such as online banking information. The cybercriminal can then perform actions without the user seeing anything, and can even go as far as changing the password.
Finally, minor flaws do not allow data to be stolen directly, but they still provide information about the site's design which can later help in preparing a cyberattack. “It’s like a closed door whose lock would display the brand and serial number,” says the consultant.
In most of the cases mentioned in the Wavestone study, the websites also had flaws in their design. “The sites are made hastily, for a marketing campaign or product launch,” comments Gérôme Billois. “Without a crash test before the launch, everyone should be mobilized on these cybersecurity issues. The recent Yahoo! and LinkedIn leaks have made people realize and change their process, but too many leaders feel that it only concerns technology companies in the Silicon Valley.”
So be extremely careful when you surf the internet! For your safety, the best solution is to use a VPN service! Le VPN encodes your Internet connection through a complex encryption system with the AES-256 algorithm. This coding makes any interaction with your personal data impossible, even when your connection has been intercepted or compromised. All the data you send will go directly into your secure virtual tunnel. With Le VPN, you can easily direct your traffic by choosing a server in one of the 120+ available countries. Make sure to choose the best VPN services available for a secure Internet connection, wherever you are. Stay away from scams and hackers with Le VPN.