At RSA, Akamai put focus on fake sites, API vulnerabilities

Researcher by Researcher
May 3, 2023
in Cybersecurity


This illustration shows a cloud with a lock above a globe of the Earth.
Image: Ar_TH/Adobe Stock

Last year, attacks using vulnerabilities in applications and application programming interfaces reached record highs, according to security company Akamai in its new State of the Internet report. The firm said several common vulnerabilities and exposures, or CVEs, persisted last year on the heels of the well-known Log4Shell, ProxyNotShell, Spring4Shell and Atlassian Confluence remote code executions. The company pointed out that the inclusion of API vulnerabilities in the Open Web Application Security Project’s upcoming API Security Top 10 release reflects growing awareness of API security risks.

Content delivery network and cloud services provider Akamai, which recently acquired API security firm Neosec in a deal expected to close in the next two weeks, is joining the API security ecosystem. The strategy is one that Rupesh Chokshi, the senior vice president and general manager of application security at Akamai, said puts the company in a hyper-competitive and hyper-fragmented vertical.

“There are lots of players in this space and a different angle everyone is taking,” Chokshi told TechRepublic at Akamai’s booth at the RSA conference in San Francisco. “What we need to do as an industry is more centralization of education: what are the threat vectors, the attack surfaces, how are adversaries attacking. A lot of the customers’ questions have been around discovery and visibility.”

Visibility and depth are key

“The journey is simple for the customer,” said Chokshi. “The journey starts with ‘give me visibility, discovery, alerts and can you go deeper into my application types, and provide more inline protection: can you help me fight the attack, shut it down and protect it?’ What I find interesting is when I talk to customers, in general, API management, traction, tooling and security constitutes a massive space where customers are looking for how to keep up, maintain my inventory and understand my applications. How do I know which ones are even within my data center, because the whole architecture is modular, with microservices, a lot of cloud native apps. With digital transformation, we are continuing to be in an even more connected economy and the whole supply chain is heavily digitized and dependent on APIs.”

API threats grow with API volume

Akamai noted that companies use an average of 1,061 apps and, to give a sense of the scope of attacks, said there were 161 million API attacks on Oct. 8, 2022, with attacks peaking on Oct. 9. Akamai’s report attributed the growth in attacks to faster app development life cycles and production cycles. Indeed, as Akamai noted, an Enterprise Strategy Group survey reported that nearly half of organizations said they release vulnerable apps into production because of time constraints.

The company reported an increase in the accidental release of vulnerabilities, with one in 10 vulnerabilities in the high or critical category found in internet-facing applications. In addition, the number of open-source vulnerabilities like Log4Shell doubled between 2018 and 2020, with attacks in many cases beginning within 24 hours of vulnerability release.

Attack vectors in 2023

Akamai’s report asserted that local file inclusion, or LFI, a vulnerability due to programmer error, is the vector driving the most growth in web application and API attacks, as it is used by adversaries mainly for reconnaissance or to scan for vulnerable targets. The report said that LFI vulnerabilities sometimes let attackers obtain log file data that could help them breach deeper parts of the network.

According to the report, these were the major API risks:

  • There were 14 million server-side request forgery, or SSRF, attempts daily against customer web applications and APIs last year.
  • Because of open-source vulnerabilities like Log4Shell, Akamai predicts growth in server-side template injection, or SSTI, techniques that allow remote code execution by injecting code into a template.
  • Attacks on medical IoT devices grew 82% last year, and Akamai said it expects that trend to continue.

“As we continue to be in an even more connected economy, the API is the link that needs to be looked at heavily. A lot of these transactions are high velocity. At high pace, you want that infrastructure to work,” Chokshi said.

A November 2022 report from consultancy Gartner noted that the explosive growth of APIs is expanding that attack surface, giving malicious actors new breach and data exfiltration opportunities. It noted that the wide dispersion of APIs and their lack of homogeneity challenges a defense-in-depth approach to security. “This is being driven by modern application architecture, development, deployment and integration patterns,” the report noted.

The report also suggested that less mature organizations have less visibility into their API surfaces because they lump API security into general web application security and therefore invest in firewalls, DDoS protection and other types of general perimeter protection. “This naive approach prevents them from fully understanding and securing their API landscape,” the report stated.

Chokshi said because of the sheer volume of data traveling across APIs, security requires the application of AI-powered analytics.

“It’s difficult to know how much of that traffic constitutes a threat, and that is where the detection secret sauce comes into play, a combination of machine learning, AI models and behavior analytics. The processing power you need is significant because you want to take billions of transactions, sift through it and identify issues and quickly alert customers. That’s where the industry has evolved and focused on innovation,” he said.

Gartner, in its report on tackling API security, recommends that organizations:

  • Catalog and classify APIs, both internal and external, to inform a proper risk assessment and enable engagement with API owners and delivery teams.
  • Assess risk based on various API characteristics including data sensitivity, business criticality, and customer impact.
  • Fill gaps in web applications and API protection to improve API security.
  • Implement continuous discovery of APIs and integrate with API management platforms to ensure consistent visibility.
  • Integrate API security into the software development life cycle to create a security-conscious culture and processes.
  • To that end, work with software engineering teams to enable self-service API specification validation, API security testing and catalog registration.
  • Establish a community of practice to build awareness and help establish shared responsibility and accountability for security throughout the API life cycle.

Akamai launches anti-phishing mirror-site detector

At RSA, Akamai launched Brand Protector, a new platform designed to thwart traffic to fake websites using stolen brand assets.

The company said Brand Protector addresses the problem of fraudulent impersonations with a four-step approach, comprising:

  • Intelligence from analysis of over 600 TB of data a day, both from Akamai’s network and third-party data feeds for holistic visibility.
  • Detection of brand abuse through tracing of live traffic (rather than delayed feeds and lists), ideally before a phishing campaign begins.
  • Single-dashboard visibility delivered in real-time with findings ranked by threat score with a confidence score, severity rating, number of affected users and a timeline of attack events.
  • Mitigation capabilities through the ability to issue takedown requests of the abusive site within the user interface, attaching the detection’s evidence and supporting details for ease of use.

“The technical teams we have, innovation from our Tel Aviv office, actually allows us to see that the bad guys are actually going to the real websites to pull objects — logos and images — as the webpage is rendering. We saw traffic going to these fake websites, we saw information being pulled to create them, and end user traffic going to them,” said Chokshi.

Keep moving or sink

Chokshi said that adversaries line up like “pilot fish” to spoof the websites of brands, often timed around customer events. “We see customers we serve running promotions to generate traffic, and adversaries spin up phishing websites to pull that traffic. It happens all the time,” he said.

“What motivates our security teams and researchers is figuring out what the adversaries are up to today. ‘What are my signal points? How do I connect those data points and feel confident I’m onto something?’ It requires a very special talent, and conviction, and cybersecurity is one of those fields where continuous learning is very important. You have to keep moving and advancing,” he added.


