{"id":89242,"date":"2023-05-02T22:12:44","date_gmt":"2023-05-02T22:12:44","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4080383"},"modified":"2023-05-02T22:12:44","modified_gmt":"2023-05-02T22:12:44","slug":"at-rsa-akamai-put-focus-on-fake-sites-api-vulnerabilities","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=89242","title":{"rendered":"At RSA, Akamai put focus on fake sites, API vulnerabilities"},"content":{"rendered":"<figure id=\"attachment_4046992\" aria-describedby=\"caption-attachment-4046992\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-article wp-image-4046992\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/05\/at-rsa-akamai-put-focus-on-fake-sites-api-vulnerabilities.jpg\" alt=\"This illustration shows a cloud with a lock above a globe of the Earth.\" width=\"770\" height=\"433\"><figcaption id=\"caption-attachment-4046992\" class=\"wp-caption-text\">Image: Ar_TH\/Adobe Stock<\/figcaption><\/figure>\n<p>Last year, attacks using vulnerabilities in applications and application programming interfaces (APIs) reached record highs, according to security company Akamai in its new <a href=\"https:\/\/www.akamai.com\/resources\/state-of-the-internet\/slipping-through-the-security-gaps-the-rise-of-application-and-api-attacks\" target=\"_blank\" rel=\"noopener noreferrer\">State of the Internet<\/a> report. 
The firm said several widely exploited vulnerabilities, tracked as CVEs (common vulnerabilities and exposures), persisted last year on the heels of the well-known <a href=\"https:\/\/www.techrepublic.com\/article\/log4shell-still-out-there-still-dangerous-and-how-to-protect-your-systems\/\">Log4Shell<\/a>, <a href=\"https:\/\/unit42.paloaltonetworks.com\/proxynotshell-cve-2022-41040-cve-2022-41082\/\" target=\"_blank\" rel=\"noopener noreferrer\">ProxyNotShell<\/a>, <a href=\"https:\/\/www.akamai.com\/blog\/security\/spring-core-spring4shell-zero-day\" target=\"_blank\" rel=\"noopener noreferrer\">Spring4Shell<\/a> and <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2022\/06\/02\/atlassian-releases-security-advisory-confluence-server-and-data#:~:text=Atlassian%20has%20released%20a%20security%20advisory%20to%20address,that%20there%20is%20known%20exploitation%20of%20this%20vulnerability.\" target=\"_blank\" rel=\"noopener noreferrer\">Atlassian Confluence<\/a> remote code execution flaws. The company pointed out that the <a href=\"https:\/\/owasp.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">Open Web Application Security Project<\/a>\u2019s upcoming API Security Top 10 release, a list devoted specifically to API vulnerability classes, reflects growing awareness of API security risks.<\/p>\n<p>Content delivery network and cloud services provider Akamai, which <a href=\"https:\/\/www.techrepublic.com\/article\/api-akamai-acquires-neosec\/\">recently acquired<\/a> API security firm Neosec in a deal expected to close in the next two weeks, is joining the API security ecosystem. Rupesh Chokshi, senior vice president and general manager of application security at Akamai, said the strategy puts the company in a hyper-competitive and hyper-fragmented vertical.<\/p>\n<p>\u201cThere are lots of players in this space and a different angle everyone is taking,\u201d Chokshi told TechRepublic at Akamai\u2019s booth at the RSA conference in San Francisco. 
\u201cWhat we need to do as an industry is more centralization of education: what are the threat vectors, the attack surfaces, how are adversaries attacking. A lot of the customers\u2019 questions have been around discovery and visibility.\u201d<\/p>\n<h2 id=\"visibility\">Visibility and depth are key<\/h2>\n<p>\u201cThe journey is simple for the customer,\u201d said Chokshi. \u201cThe journey starts with \u2018give me visibility, discovery, alerts and can you go deeper into my application types, and provide more inline protection: can you help me fight the attack, shut it down and protect it?\u2019 What I find interesting is when I talk to customers, in general, API management, traction, tooling and security constitute a massive space where customers are looking for how to keep up, maintain my inventory and understand my applications. How do I know which ones are even within my data center, because the whole architecture is modular, with microservices, a lot of cloud native apps. With digital transformation, we are continuing to be in an even more connected economy and the whole supply chain is heavily digitized and dependent on APIs.\u201d<\/p>\n<h2 id=\"api\">API threats grow with API volume<\/h2>\n<p>Akamai noted that companies use an average of 1,061 apps and, to give a sense of the scale of attacks, reported 161 million API attacks on Oct. 8, 2022, with the peak coming on Oct. 9. Akamai\u2019s report attributed the growth in attacks to faster application development and release cycles. 
Indeed, as Akamai noted, an Enterprise Strategy Group survey reported that nearly half of organizations said they release vulnerable apps into production because of time constraints.<\/p>\n<p>The company reported an increase in the accidental release of vulnerabilities, with one in 10 vulnerabilities found in internet-facing applications rated high or critical. In addition, the number of open-source vulnerabilities like Log4Shell doubled between 2018 and 2020, with attacks in many cases beginning within 24 hours of a vulnerability\u2019s disclosure.<\/p>\n<h2 id=\"attack\">Attack vectors in 2023<\/h2>\n<p>Akamai\u2019s report asserted that local file inclusion, or <a href=\"https:\/\/www.acunetix.com\/blog\/articles\/local-file-inclusion-lfi\/\" target=\"_blank\" rel=\"noopener noreferrer\">LFI<\/a>, is the vector driving the most growth in web application and API attacks. LFI is a programming error in which an application builds a file path from unvalidated user input, letting an attacker read files on the server that were never meant to be exposed; adversaries use it mainly for reconnaissance and for scanning for vulnerable targets. The report said that LFI vulnerabilities sometimes let attackers obtain log file data that could help them breach deeper parts of the network.<\/p>\n<p>According to the report, these were the major API risks:<\/p>\n<ul>\n<li>There were 14 million server-side request forgery, or SSRF, attempts daily against customer web applications and APIs last year. In an SSRF attack, the attacker induces the server to make requests on their behalf, typically to internal services or cloud metadata endpoints that are not reachable from the internet.<\/li>\n<li>Citing open-source vulnerabilities like Log4Shell, Akamai predicts growth in server-side template injection, or <a href=\"https:\/\/www.cobalt.io\/blog\/a-pentesters-guide-to-server-side-template-injection-ssti\" target=\"_blank\" rel=\"noopener noreferrer\">SSTI<\/a>, in which attacker-controlled input is embedded into a server-side template and evaluated by the template engine, allowing remote code execution.<\/li>\n<li>Attacks on medical IoT devices grew 82% last year, and Akamai said it expects that trend to continue.<\/li>\n<\/ul>\n<p>\u201cAs we continue to be in an even more connected economy, the API is the link that needs to be looked at heavily. 
A lot of these transactions are high velocity. At high pace, you want that infrastructure to work,\u201d Chokshi said.<\/p>\n<p>A November 2022 report from consultancy Gartner noted that the explosive growth of APIs is expanding that attack surface, giving malicious actors new breach and data exfiltration opportunities. It noted that the wide dispersion of APIs and their lack of homogeneity challenges a defense-in-depth approach to security. \u201cThis is being driven by modern application architecture, development, deployment and integration patterns,\u201d the report noted.<\/p>\n<p>The report also suggested that less mature organizations have less visibility into their API surfaces because they lump API security into general web application security and therefore invest in firewalls, DDoS protection and other types of general perimeter protection. \u201cThis naive approach prevents them from fully understanding and securing their API landscape,\u201d the report stated.<\/p>\n<p>Chokshi said because of the sheer volume of data traveling across APIs, security requires the application of AI-powered analytics.<\/p>\n<p>\u201cIt\u2019s difficult to know how much of that traffic constitutes a threat, and that is where the detection secret sauce comes into play, a combination of machine learning, AI models and behavior analytics. The processing power you need is significant because you want to take billions of transactions, sift through it and identify issues and quickly alert customers. 
That\u2019s where the industry has evolved and focused on innovation,\u201d he said.<\/p>\n<p>Gartner, in its report on tackling API security, recommends that organizations:<\/p>\n<ul>\n<li>Catalog and classify APIs, both internal and external, to inform a proper risk assessment and enable engagement with API owners and delivery teams.<\/li>\n<li>Assess risk based on API characteristics such as data sensitivity, business criticality and customer impact.<\/li>\n<li>Fill gaps in web application and API protection (WAAP) to improve API security.<\/li>\n<li>Implement continuous discovery of APIs and integrate it with API management platforms to ensure consistent visibility.<\/li>\n<li>Integrate API security into the software development life cycle to create security-conscious culture and processes.<\/li>\n<li>To that end, work with software engineering teams to enable self-service API specification validation, API security testing and catalog registration.<\/li>\n<li>Establish a community of practice to build awareness and help establish shared responsibility and accountability for security throughout the API life cycle.<\/li>\n<\/ul>\n<h2 id=\"akamai\">Akamai launches anti-phishing mirror-site detector<\/h2>\n<p>At RSA, Akamai launched <a href=\"https:\/\/www.akamai.com\/newsroom\/press-release\/akamai-announces-brand-protector-to-defend-against-phishing-attacks-and-fake-websites\" target=\"_blank\" rel=\"noopener noreferrer\">Brand Protector<\/a>, a new platform designed to detect fake websites built from stolen brand assets and cut off the traffic they attract.<\/p>\n<p>The company said Brand Protector addresses the problem of fraudulent impersonations with a four-step approach, comprising:<\/p>\n<ul>\n<li>Intelligence from analysis of over 600 TB of data a day, drawn from both Akamai\u2019s network and third-party data feeds for holistic visibility.<\/li>\n<li>Detection of brand abuse by tracing live traffic rather than relying on delayed feeds and lists, ideally before a phishing campaign 
begins.<\/li>\n<li>Single-dashboard visibility delivered in real time, with findings ranked by threat score and accompanied by a confidence score, severity rating, number of affected users and a timeline of attack events.<\/li>\n<li>Mitigation capabilities: takedown requests for the abusive site can be issued from within the user interface, with the detection\u2019s evidence and supporting details attached for ease of use.<\/li>\n<\/ul>\n<p>\u201cThe technical teams we have, innovation from our Tel Aviv office, actually allows us to see that the bad guys are actually going to the real websites to pull objects \u2014 logos and images \u2014 as the webpage is rendering. We saw traffic going to these fake websites, we saw information being pulled to create them, and end user traffic going to them,\u201d said Chokshi.<\/p>\n<h2 id=\"keep\">Keep moving or sink<\/h2>\n<p>Chokshi said that adversaries line up like \u201cpilot fish\u201d to spoof brands\u2019 websites, often timing their campaigns around customer events. \u201cWe see customers we serve running promotions to generate traffic, and adversaries spin up phishing websites to pull that traffic. It happens all the time,\u201d he said.<\/p>\n<p>\u201cWhat motivates our security teams and researchers is figuring out what the adversaries are up to today. \u2018What are my signal points? How do I connect those data points and feel confident I\u2019m onto something?\u2019 It requires a very special talent, and conviction, and cybersecurity is one of those fields where continuous learning is very important. You have to keep moving and advancing,\u201d he added.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Image: Ar_TH\/Adobe Stock Last year, attacks using vulnerabilities in applications and application programming interfaces (APIs) reached record highs, according to security company Akamai in its new State of the Internet report. 
The firm said several widely exploited vulnerabilities, tracked as CVEs (common vulnerabilities and exposures), persisted last year on the heels of the well-known Log4Shell, ProxyNotShell, Spring4Shell and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":89243,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[327,40,788,783,295,56,720,113,287],"tags":[],"class_list":["post-89242","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-api","category-cloud","category-cloud-security","category-cloudsync","category-cve","category-cybersecurity","category-gartner","category-phishing","category-security"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/89242","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=89242"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/89242\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/89243"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=89242"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=89242"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=89242"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}