API security firm Traceable has released its 2023 State of API Security Report, which highlights the risks and challenges organizations face in securing their APIs. The report surveyed over sixteen hundred respondents from one hundred countries across six industries.
According to the report, only 52% of respondents felt it was necessary to understand which APIs are most vulnerable, indicating a lack of awareness when it comes to API security. Additionally, 54% of respondents prioritized identifying sensitive data-handling API endpoints. These numbers reveal a concerning trend, as organizations must understand their vulnerabilities and prioritize securing sensitive data.
The report also revealed that 60% of organizations surveyed had experienced an API-related breach in the past two years, with nearly three-quarters of respondents stating they had suffered three or more breaches. The top breach methods were distributed denial-of-service (DDoS) attacks, fraud, and API attacks. It is clear that third-party risks are a significant concern, as only 33% of respondents believed they had effectively reduced the risks of third-party access to their APIs.
Looking ahead, a majority of organizations (68%) anticipate that API risks will significantly increase in the next two years. Additionally, nearly half of the respondents cited API sprawl as their biggest challenge in securing the API attack surface. This highlights the need for organizations to address and manage the expanding number of APIs within their systems to mitigate potential vulnerabilities.
Ted Miracco, CEO of Approov Mobile Security, emphasizes the importance of addressing these API security risks. He notes that while APIs enable innovation and interoperability, the study highlights the risks posed by porous APIs and the inadequacy of traditional controls. Miracco believes that organizations need to adopt new API security paradigms centered on identity, Zero Trust, and continuous validation and attestation of API requests.
In another security incident, travel reservation system Sabre has been targeted by a ransomware attack. The ransomware group Dunghill Leak claims to have stolen 1.3 terabytes of data from Sabre, including corporate financial information, passenger turnover and ticket sales data, and personal employee information. Dunghill Leak shared a sample of the stolen data, which includes employee email addresses, work locations, names, nationalities, passport and visa numbers, and employment tax forms.
Sabre spokesperson Heidi Castle acknowledged the claims made by the threat group and stated that Sabre is currently investigating the validity of the data exfiltration. The attack likely occurred in July of last year, according to the sample files provided by the ransomware group.
In another cybersecurity incident, security researcher Igor Golovin discovered fake versions of the popular messaging app Telegram. These fake apps are designed to steal sensitive data from compromised Android devices. The malicious software embedded in the fake apps can collect user names, user IDs, contacts, phone numbers, and even chat messages. The stolen information is then sent to a hacker-controlled server.
The fake Telegram apps attempt to deceive users by mimicking the legitimate Play Store version of the app. Telegram has acknowledged the presence of these fake apps and noted that they appear to be indistinguishable from the real app at first glance. However, the infected versions contain an additional module that escapes the attention of Google Play moderators.
Lastly, the Ragnar Locker ransomware gang has claimed responsibility for an attack on the Mayanei Hayeshua hospital in Israel. Unlike in typical ransomware attacks, the hackers did not encrypt any data, in order to avoid disrupting the hospital’s services. However, they claimed to have stolen one terabyte of hospital data, including personal information, internal emails, financial records, and medical cards.
The ransomware group alleges that they discovered vulnerabilities in the hospital’s systems and attempted to contact the administrators to address these issues. However, instead of engaging in dialogue, the hospital allegedly attempted to deceive the hackers with phishing tactics. In response, the hackers decided to release a portion of the stolen data and threatened to publish the rest in the coming days.
Overall, these incidents highlight the ongoing challenges organizations face in securing their APIs, protecting sensitive data, and defending against ransomware attacks. It is crucial for organizations to prioritize API security, adopt new security paradigms, and continuously assess and update their cybersecurity measures to stay ahead of evolving threats.

