How will 2023 affect security and business operations? It is possible that threat actors will become more sophisticated in 2023 by leveraging the unholy trinity of application programming interface (API) attack vectors. Among the main risks surrounding such a development, it is possible that a major global telecom organization will face a data breach due to a shadow API.
To gain an insight, Digital Journal caught up with two experts from Cequence. First up was Jeremy Kowalczyk, Senior Security Architect.
According to Kowalczyk, we can expect more complex and challenging cyberattacks: “Threat actors will become more sophisticated in 2023 by leveraging API attack vectors. Historically, malicious actors targeting APIs would leverage only one of the tactics outlined by the OWASP Top 10 – a standard awareness document for developers and web application security that represents a broad consensus about the most critical security risks to web applications – for an attack.”
As to what form this attack takes, Kowalczyk clarifies: “The reality is that APIs are under attack from several different vectors. In the year ahead, we will see attackers evolve to use a combination of three different tactics – Broken User Authentication (API2), Excessive Data Exposure (API3) and Improper Assets Management (API9) – to bypass common security controls and achieve their end goal. The increased combination of these three threats indicates that attackers will be performing new levels of analysis to understand how each API works – including how they interact with one another and what the expected result will be.”
Second to assess the emerging landscape is Aakash Tiwari, Senior Security Engineer, Cequence Security. According to Tiwari, it is likely that: “A major global telecom organization will face a data breach due to a shadow API.”
The reason for Tiwari’s concern is that: “Roughly 31 percent, or 5 billion of the 16.7 billion malicious transactions, targeted unknown, unmanaged and unprotected APIs, commonly referred to as shadow APIs, in the first half of 2022, making it the top attack vector.”
He expands on the significance: “That is because shadow APIs are relatively easy for attackers to discover by analyzing an organization’s exposed APIs and then simply fuzzing or modifying the values, enumerating through other API endpoints on different versions, under different hostnames to find other API variants.”
In terms of what this means for the year ahead, Tiwari states: “In 2023, threat actors will seek to build off this momentum to exploit telecommunications companies that lack visibility into APIs due to their many sub-companies and partners. Blended with the rapid adoption of new technology telecom companies face, a global telecom organization will experience a major data breach thanks to a shadow API that impacts millions of users’ information and results in subsequent breaches.”
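
One way a defender can regain the visibility into shadow APIs that Tiwari describes, shown as an added example that is not from the article or from Cequence: reconcile observed traffic against the documented API inventory and flag endpoints being served on undocumented versions, hostnames or paths. The hostnames, paths, log format and function names are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed inventory of documented endpoints: (host, method, path template).
INVENTORY = {
    ("api.example.com", "GET", "/v2/accounts/{id}"),
    ("api.example.com", "GET", "/v2/plans"),
}

# Constructed access-log sample: host, method, path, status.
SAMPLE_LOG = """\
api.example.com GET /v2/accounts/1001 200
api.example.com GET /v1/accounts/1001 200
api.example.com GET /v1/accounts/1002 200
api-staging.example.com GET /v2/accounts/1001 200
api.example.com GET /v2/export?format=csv 200
api.example.com GET /v3/accounts/1001 404
"""
ID_SEGMENT = re.compile(r"^(\d+|[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$")
VERSION = re.compile(r"^/v\d+")

def normalize(path):
    """Drop the query string and replace numeric/UUID segments with {id}."""
    segments = path.split("?", 1)[0].split("/")
    return "/".join("{id}" if ID_SEGMENT.match(s) else s for s in segments)

def classify(host, method, path, inventory):
    """Return None if documented, else why the endpoint counts as shadow."""
    if (host, method, path) in inventory:
        return None
    if host not in {h for h, _, _ in inventory}:
        return "undocumented hostname"
    bare = VERSION.sub("", path)
    if any((h, m, VERSION.sub("", p)) == (host, method, bare) for h, m, p in inventory):
        return "undocumented version"
    return "undocumented path"

def find_shadow_endpoints(log_text, inventory=INVENTORY):
    """Count served (non-404) requests to endpoints missing from the inventory."""
    hits = Counter()
    for line in log_text.splitlines():
        host, method, raw_path, status = line.split()
        path = normalize(raw_path)
        reason = classify(host, method, path, inventory)
        if reason and status != "404":
            hits[(host, method, path, reason)] += 1
    return sorted((*key, n) for key, n in hits.items())

if __name__ == "__main__":
    print(*find_shadow_endpoints(SAMPLE_LOG), sep="\n")
```

Requests that return 404 are skipped because nothing is being served there; everything else outside the inventory is a candidate for review, retirement or onboarding into managed protection.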