Wednesday, July 1, 2026

What Happens to My Organization If APIs Are Compromised?


Question: What happens to my organization if APIs are compromised or abused?

Michael Isbitski, technical evangelist, Salt Security: Impacts from API abuse include the obvious answers of data breach and brand damage, but security practitioners are wrestling with many more issues. The $700 million Equifax settlement that was the result of API abuse has become a measurement for potential business impact. Observing recent API security incidents, some of the largest impacts included data loss, privacy erosion, account takeover, fraud, and supply chain compromise.

Data loss is rampant in cases where APIs don't implement adequate authentication and authorization, a common mistake that organizations make when relaxing access controls to promote API adoption. We've also seen numerous scraping incidents where malicious actors harvest data en masse via APIs, even for APIs that require authentication. Recent scraping examples include the API incidents at Facebook and LinkedIn, as well as the incidents with Experian and Peloton, where the potential for mass scraping was disclosed early by security researchers. While the company line for victim organizations is often that these incidents don't fit the definition of a data breach, regulatory language can differ, and privacy impacts to customers are clear.

Attackers also abuse APIs with brute-forcing and credential-stuffing techniques with the goal of compromising user credentials or account takeover (ATO). The concern over ATO is common in all industries, but it hits financial services and financial technology particularly hard. Once an attacker has taken over an account, they use that access to escalate privileges further or perpetuate other fraud. We've also seen digital supply chain attacks and complex attack chains where APIs are the initial or primary attack vector. Once attackers have obtained access via APIs, they abuse that access to compromise other systems or pivot within an organization's networks. The Microsoft Exchange Server attacks in March 2021 were a great example of this type of API attack.
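The scraping and credential-stuffing abuse described in the answer above, seen from the defender's side, as an added example that is not code from the article or from Salt Security: a small Python detector run over a constructed API access log that flags a source spraying login failures across many different accounts (and any account that then logged in from that source, the ATO signal), plus a client enumerating user records one ID at a time even though every call is authenticated. The log format, the endpoint paths and the thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample API access log (not from the article): time client_ip method path status user
SAMPLE_LOG = """\
10:00:01 203.0.113.7 POST /api/v1/login 401 alice
10:00:02 203.0.113.7 POST /api/v1/login 401 bob
10:00:02 203.0.113.7 POST /api/v1/login 401 carol
10:00:03 203.0.113.7 POST /api/v1/login 200 dave
10:00:05 198.51.100.9 POST /api/v1/login 401 erin
10:00:07 198.51.100.9 POST /api/v1/login 200 erin
10:01:00 192.0.2.44 GET /api/v1/users/1001 200 -
10:01:00 192.0.2.44 GET /api/v1/users/1002 200 -
10:01:01 192.0.2.44 GET /api/v1/users/1003 200 -
10:01:01 192.0.2.44 GET /api/v1/users/1004 200 -
10:02:00 198.51.100.9 GET /api/v1/users/2001 200 -
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")   # assumed log layout
USER_PATH_RE = re.compile(r"^/api/v1/users/(\d+)$")               # assumed data endpoint

def parse(log_text):
    """Turn each well-formed line into a dict; malformed lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, ip, method, path, status, user = m.groups()
            records.append({"ts": ts, "ip": ip, "method": method,
                            "path": path, "status": int(status), "user": user})
    return records

def find_credential_stuffing(records, min_distinct_users=3):
    """Flag IPs whose login failures span many accounts; one user mistypes one password,
    a stuffing run sprays leaked pairs across many. Also list accounts that then succeeded."""
    failed, succeeded = defaultdict(set), defaultdict(set)
    for r in records:
        if r["path"] == "/api/v1/login" and r["status"] in (200, 401):
            (succeeded if r["status"] == 200 else failed)[r["ip"]].add(r["user"])
    return {ip: {"failed": sorted(u), "possible_ato": sorted(succeeded[ip])}
            for ip, u in failed.items() if len(u) >= min_distinct_users}

def find_scraping(records, min_distinct_ids=4):
    """Flag clients walking many distinct object IDs on a data endpoint (mass harvesting)."""
    ids_seen = defaultdict(set)
    for r in records:
        m = USER_PATH_RE.match(r["path"])
        if m and r["status"] == 200:
            ids_seen[r["ip"]].add(m.group(1))
    return {ip: len(ids) for ip, ids in ids_seen.items() if len(ids) >= min_distinct_ids}
```

On the sample log this reports 203.0.113.7 as a stuffing source with a successful login for dave afterwards, and 192.0.2.44 as an enumerating client; the legitimate retry from 198.51.100.9 is not flagged by either check.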
