Connect with us

Hi, what are you looking for?

Tech & Science

Cybersecurity and 2023: Is telecoms especially vulnerable?

5 billion of the 16.7 billion malicious transactions targeted unknown, unmanaged and unprotected APIs.

Image: — © AFP
Image: — © AFP

How will 2023 affect security and business operations? It is possible that threat actors will become more sophisticated in 2023 by leveraging the unholy trinity of application security interface (API) attack vectors. In terms of the main vulnerabilities surrounding such a development then it is possible that a major global telecom organization will face a data breach due to a shadow API.

To gain an insight, Digital Journal caught up with two experts from Cequence. First along was Jeremy Kowalczyk, Senior Security Architect.

According to Kowalczyk we can expect more complex and challenging cyberattacks: “Threat actors will become more sophisticated in 2023 by leveraging API attack vectors. Historically, malicious actors targeting APIs would leverage only one of the tactics outlined by the OWASP Top 10 – a standard awareness document for developers and web application security that represents a broad consensus about the most critical security risks to web applications – for an attack.”

As to what this form of attack takes, Kowalczyk  clarifies: “The reality is that APIs are under attack from several different vectors. In the year ahead, we will see attackers evolve to use a combination of three different tactics–Broken User Authentication (API2), Excessive Data Exposure (API3) and Improper Assets Management (API9)–to bypass common security controls and achieve their end goal. The increased combination of these three threats indicate that attackers will be performing new levels of analysis to understand how each API works – including how they interact with one another and what the expected result will be.”

Second to assess the emerging landscape is Aakash Tiwari, Senior Security Engineer, Cequence Security. According to Tiwari it is likely that: “A major global telecom organization will face a data breach due to a shadow API.”

The reason for Tiwari’s concern is because: “Roughly 31 percent, or 5 billion of the 16.7 billion malicious transactions targeted unknown, unmanaged and unprotected APIs, commonly referred to as shadow APIs in the first half of 2022, making it the top attack vector.”

He expands on the significance: “That is because shadow APIs are relatively easy for attackers to discover by analyzing an organization’s exposed APIs and then simply fuzzing or modifying the values, enumerating through other API endpoints on different versions, under different hostnames to find other API variants.”

In terms of what these means for the year ahead, Tiwari states: “In 2023, threat actors will seek to build off this momentum to exploit telecommunications companies that lack visibility into APIs due to their many sub-companies and partners. Blended with the rapid adoption of new technology telecom companies face, a global telecom organization will experience a major data breach thanks to a shadow API that impacts millions of users’ information and results in subsequent breaches.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

The latest negotiations over European Union tariffs on Chinese electric vehicles ended in Brussels with "major differences" remaining.

Tech & Science

Elon Musk's X. — © AFPX was “alert” to any platform manipulation attempts, the Elon Musk-owned site told AFP Friday, following a report that...

Social Media

TikTok teams identified harmful effects of its platform on young users but limited preventive measures so as to avoid a drop in traffic.

Entertainment

Broadway performer Chilina Kennedy ("Beautiful") chatted about being a part of "The Great Gatsby" and her new album "Wild About You."