Tag: APIbased | SpinSafe

Tag Archive for: APIbased

Financial services increasingly targeted for API-based cyberattacks

November 29, 2022/in Internet Security

A report published Monday by cloud services and CDN (content delivery network) platform Akamai said that the financial services industry is an increasingly popular target for a wide range of cyberattacks, with application and API attacks against the vertical more than tripling in the past year.

APIs are a core part of how financial services firms are changing their operations in the modern era, Akamai said, given the growing desire for more and more app-based services among the consumer base. The pandemic merely accelerated a growing trend toward remote banking services, which led to a corresponding growth in the use of APIs.

With every application and every standardization of how various app functions talk to one another, which creates APIs, the potential target surface for an attacker increases, however. Only high-tech firms and e-commerce companies were more heavily targeted via API exploits than the financial services industry.

“Once attackers launch web applications attacks successfully, they could steal confidential data, and in more severe cases, gain initial access to a network and obtain more credentials that could allow them to move laterally,” the report said. “Aside from the implications of a breach, stolen information could be peddled in the underground or used for other attacks. This is highly concerning given the troves of data, such as personal identifiable information and account details, held by the financial services vertical.”

Beyond attacking financial services firms themselves, the report said, cybercriminals have customer accounts in their sights as well. More than 80% of attacks against companies in the industry target customers, instead of institutions, via phishing or direct attack.

Attackers have been quick to leverage zero-day vulnerabilities discovered in systems used by financial services companies, noted Akamai. One example from this year is the remote code execution vulnerability found in Atlassian’s Confluence Server and Data Center products—less than a week after the flaw was publicly disclosed, Akamai recorded nearly 80,000 Confluence-based attacks per hour during one period in the evening of June 7.

Source…

IT Security Leaders Prioritize Investments in Automation, Zero Trust and API-based Security to Protect a Rapidly Transforming IT Ecosystem

March 23, 2021/in Mobile Security

Global Independent Study of 500 Senior Level Respondents Provides Clear Picture for the Future of Network Security

Dallas, Texas | March 23, 2021 | – Distinct priorities have emerged when it comes to responding to the needs of IT security’s rapid transformation, independent research sponsored by FireMon has found. The survey of 500 cybersecurity leaders across North America and EMEA uncovered the key investments organizations are making, and the rationale behind their decisions.

“The study shows that a cocktail of multiplying threats, the proliferation of hybrid and cloud architectures, blended with a pandemic-fueled explosion in distributed and remote work has created a perfect storm for network security teams,” said Satin H. Mirchandani, President and CEO of FireMon. “It’s no wonder that they’re adding new technologies, architectures, and approaches to ensure their networks remain protected.”

The survey identified five major areas for network security investment:

Automation – More than 50 percent of organizations are currently investing in automating policy management to safeguard against inefficient and risky functions and 79 percent say they’ll implement security orchestration and automation within two years to improve agility and responsiveness.
Zero Trust – 45 percent of organizations plan to implement a Zero Trust in the next 12 months, adding to the 17 percent of organizations that have already begun this process. The biggest drivers are a greater need for secure remote access (72 percent), reducing cybersecurity risk (70 percent), and supporting the transition to cloud architectures (51 percent).
Secure Access Service Edge (SASE) – 85 percent of organizations have either already implemented a SASE platform or plan to do so within two years.
Security-Development Misalignment: 82 percent of IT leaders admit their application development (DevOps) and network security operations teams are not well aligned.
Heterogeneity and Integration: With growing complexity and heterogeneity, 95% of respondents are concerned about the lack of integration of network security platforms and their IT infrastructure.

From an automation perspective,…

Source…