Do you remember when ransomware was the most pressing security concern for DevOps teams?
Those times have passed. Gartner predicts that API security breaches, which surged by 600% in 2021, will overtake ransomware attacks as the primary attack vector for threat actors.
That is the bad news. The good news is that, with some small modifications, the security policies that DevOps teams already have in place to guard against ransomware can also be used to deliver API security.
Read on for a look at the current state of API security and advice on building upon the ransomware defensive tactics already employed by DevOps to better safeguard your APIs.
It may come as a surprise at first, but given how reliant we have become on APIs over the past five years, it is not unexpected at all that they have become an attacker's closest ally.
The history of APIs spans several decades. Until recently, however, APIs were mostly used for B2B or infrastructure integrations, or for specialized kinds of apps. Since the shift toward microservices and distributed architectures, internal (or east-west) APIs have emerged as the glue that binds application environments together and transmits information (sometimes sensitive) between an application's components and micro-components.
There are already around 22,000 publicly available APIs and many more internal APIs, making the publication of public APIs a standard practice for practically any company with a software product.
As a result, APIs can be used to launch attacks against nearly any program or service. Consequently, it is not surprising that hackers are increasingly concentrating on APIs as a means of gaining unauthorized access.
One common misconception is that API security calls for entirely new methods and technologies. In fact, there are many similarities between protecting against ransomware and protecting against vulnerabilities in APIs, and DevOps teams are an important safeguard against both kinds of threat.
In this article, we will discuss how to incorporate anti-ransomware measures into a broader approach against API exploitation.
API attacks often migrate laterally across a system, much like ransomware, which uses flaw and vulnerability exploitation to spread from endpoint to endpoint.
This means that while you may not be able to stop all API (or ransomware) assaults from penetrating your network’s defences, you can take measures to limit the damage that can be done once an attack succeeds. Before a widespread penetration occurs, it is important to identify malicious activities within your environment at an early stage.
There is a symmetry between ransomware and API attacks in that they both aim to steal your data. This information is valuable to the criminals behind the ransomware attacks. Data exfiltration is a common goal of API attackers like those who stole user credentials from compromised Peloton accounts or those who breached LinkedIn’s API to scrape data on 700 million members.
Securing your data is the most effective defence against both ransomware and API security threats. The danger of data exfiltration through API security breaches can be reduced by establishing stringent access rules and segmenting what both internal and public APIs are allowed to do.
For ransomware and API assaults, in particular zero-day or unknown attacks, putting all your eggs in the signature-based security control basket won’t help. While it’s important to take precautions, it’s difficult to ensure that a breach won’t occur despite your best efforts.
To prevent ransomware and API assaults, it is essential to implement behaviour-based security models. Behavioural security models can uncover anomalies such as unusual request types or odd request patterns. By modelling and defining baseline behaviour, then using that model to detect deviations from it, you can stop attacks in their tracks.
Similarly, there is no foolproof way to protect against API attacks or ransomware by focusing only on securing the environment's perimeter. The alternative is to distribute safeguards across the entirety of your network: endpoints, applications, services, and the like.
Nothing, I repeat, can ensure that intruders won’t succeed. Your defence will be most effective if it makes it difficult for them to expand a small breach into a breach that affects a wide variety of resources.
When it comes to standard security monitoring tools, ransomware and API assaults share a lot of similarities.
For instance, attackers may try to gain access through the always-open default HTTP/HTTPS ports (80 and 443). Therefore, it is critical that API traffic security not rely just on encrypted connections or standard port numbers. Instead, you need to inspect the payload itself before you can understand which protocols and operations are actually in use. To gain a complete picture of what is happening in your environment, keep an eye on a wide range of variables, collect data from a variety of sources, and then analyse the results together.
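As an added illustration of the two points above (a behavioural baseline that flags deviations, and looking at the requests themselves rather than trusting port or TLS), here is a small per-client baseline detector run over constructed API access log lines. It is example code written for this page, not something from the original article; the log format, client addresses (RFC 5737 documentation ranges) and the `factor` threshold are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log lines: client, method, path, status, bytes returned.
# The observation window adds one client enumerating /users/<id> sequentially,
# the scraping pattern the article associates with API data exfiltration.
TRAINING = [
    "10.0.0.5 GET /api/v1/users/1001 200 512",
    "10.0.0.5 GET /api/v1/users/1001/workouts 200 2048",
    "10.0.0.7 GET /api/v1/users/1002 200 498",
    "10.0.0.7 POST /api/v1/users/1002/workouts 201 120",
    "10.0.0.9 GET /api/v1/users/1003 200 530",
]
OBSERVED = [
    "10.0.0.5 GET /api/v1/users/1001 200 512",
    "10.0.0.9 GET /api/v1/users/1003/workouts 200 1900",
] + [f"203.0.113.8 GET /api/v1/users/{i} 200 500" for i in range(2000, 2040)]

LOG_RE = re.compile(r"(?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) (?P<bytes>\d+)$")
ID_RE = re.compile(r"/users/(\d+)")  # resource identifiers worth counting distinctly


def aggregate(lines):
    """Per-client counters: request count, distinct user IDs touched, bytes returned."""
    stats = defaultdict(lambda: {"requests": 0, "ids": set(), "bytes": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than crash on noisy logs
        s = stats[m["client"]]
        s["requests"] += 1
        s["bytes"] += int(m["bytes"])
        idm = ID_RE.search(m["path"])
        if idm:
            s["ids"].add(idm.group(1))
    return stats


def build_baseline(lines):
    """Baseline = the highest per-client value seen on each axis during training."""
    stats = aggregate(lines)
    return {
        "requests": max(s["requests"] for s in stats.values()),
        "ids": max(len(s["ids"]) for s in stats.values()),
        "bytes": max(s["bytes"] for s in stats.values()),
    }


def find_anomalies(lines, base, factor=3):
    """Return {client: [axes]} for clients exceeding factor x baseline on any axis."""
    flagged = {}
    for client, s in aggregate(lines).items():
        reasons = [k for k in ("requests", "bytes") if s[k] > factor * base[k]]
        if len(s["ids"]) > factor * base["ids"]:
            reasons.append("ids")
        if reasons:
            flagged[client] = sorted(reasons)
    return flagged
```

In practice the baseline would be learned per client or per API key over a longer window, but the shape of the check is the same: count what the requests do, compare against normal, and alert on the outlier before it finishes walking the ID space.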
It’s true that there are important distinctions between ransomware and API security attacks. Different protocols are exploited, and the attackers’ motivations vary.
However, there are some striking similarities between ransomware assaults and API attacks in terms of how attackers work, what they aim to steal (your data), and the limitations of perimeter-based protection.
That's why developers and DevOps teams have no need to completely re-evaluate their approach to security in light of the increase in API attacks. Instead, take the measures you already use to prevent ransomware and apply them to the security of your APIs.