Tag: API Attacks
We also analyzed the primary root causes of the breaches, how that varied in breach remediation costs by industry, and the impact of these breaches on each data type breached on the global scale. The purpose of our analysis was to identify where organizations are most likely to be attacked in a way that…
Read MoreExecutive Summary Like coral reefs teeming with a variety of life, web applications are “colony creatures.” They consist of a multitude of independent components, running in separate environments with different operational requirements and supporting infrastructure (both in the cloud and on premises) glued together across networks. In this report, we examine that series of interacting…
Read MoreIn July 2018, F5 released its first annual Application Protection Report based on the results of an F5-commissioned Ponemon survey of 3,135 IT and security practitioners across the globe. Additional research conducted by Whatcom Community College, University of Washington Tacoma, along with data from White Hat Security and Loryka served to make this one of…
Read MoreIntroduction In the 2018 Application Protection Report, we mentioned the potential vulnerabilities associated with application programming interfaces (APIs). These APIs specify how various application components and clients should autonomously interact with each other to deliver the application experience. Through APIs, software services exchange commands and data. Because of this, APIs are tantalizing morsels for predators…
Read MoreAdvanced Attackers Like criminal actors, state-sponsored actors or APTs often initiate their illicit access campaigns with spear phishing. However, advanced actors have more time and resources on their hands, and can fashion something of value even from apparently useless data. Large caches of innocuous information, such as email addresses, can be used to look for…
Read MoreIn 2018 we published our first Application Protection Report, which summarized trends and attack patterns for 2017 across multiple disciplines of information security and offered a big picture strategy for controlling application risk. We created that report in order to provide three things that we felt the security industry needs: a specific focus on application…
Read MoreAPI Vulnerability Data The sensor network that our partner Lorkya maintains found only 0.1% of attack traffic was definitively looking for API vulnerabilities. However, this is probably better attributed to the limitations of the sensor network than any trends about API attacks. Loryka’s sensors primarily detect wide-ranging probes and reconnaissance campaigns where attackers are looking…
Read MoreIntroduction Ten months ago we asked a rhetorical question: will losses from cryptocurrency exchange hacks hit one billion dollars in 2018? Indeed, they did. Cryptocurrency theft is growing both in terms of frequency of attacks and breadth of targets. Attackers aren’t just cryptojacking and targeting exchanges. According to endpoint security provider Carbon Black, $1.1 billion…
Read MoreViewed in this way, our research illuminates some interesting aspects of the current state of security. In 2018, to the extent that new attack techniques and approaches emerged, it was largely in response to changes in how organizations design, create, and manage applications. The context that makes old attack techniques like injection and phishing newly…
Read MoreLooking at cloud breaches over the last few years, it’s easy to get the impression that most were easily avoidable events that occurred due to silly misconfigurations, ugly failure modes, or borderline negligent architectures. To put it bluntly, these cloud breaches look stupid. But the people and the organizations designing and running these systems—both the…
Read MoreRecent Posts
- Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System
- Nokia investigates breach after hacker claims to steal source code
- DocuSign’s Envelopes API abused to send realistic fake invoices
- AI in Social Engineering – Canary Trap