Forefront Insights: Risks of Shadow APIs & Another Major Breach

By Ilyas Esmail, May 7, 2024

Welcome to this week's edition of Forefront Insights. You may have heard of a recent major breach of the United Kingdom's Ministry of Defence -- this will be covered in a separate dedicated article. This week, we will explore the hidden danger of shadow APIs and discuss a recent breach of Dropbox's eSignature platform. Make sure to subscribe to our LinkedIn newsletter or directly on our website.

The Risks of Shadow APIs

Shadow APIs represent a significant and often overlooked cybersecurity risk within organizations. These APIs, which are not officially managed or documented by IT departments, can arise from rapid development practices or through third-party services and integrations that do not go through the standard security review process. Because they are undocumented, shadow APIs are not usually protected by the organization's regular security protocols, making them attractive targets for cyber attackers.

The danger with shadow APIs is that they can access sensitive data just like official APIs, but without the same level of security scrutiny. Attackers exploiting these APIs can potentially access customer data or financial information, or perform actions that would otherwise require elevated privileges within the system. Cloudflare provides tools that give organizations visibility into all API traffic, including traffic to shadow APIs. By identifying and monitoring these APIs, organizations can enforce security policies that protect against unauthorized access and data leaks.

To effectively manage the risks associated with shadow APIs, organizations should implement a comprehensive API security strategy that includes regular audits, applying strict authentication, and ensuring encryption of communications. Additionally, educating developers about the risks associated with unofficial APIs and encouraging a culture of security can help prevent the proliferation of shadow APIs.
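The first step of the audit described above is finding endpoints that answer requests but appear in no route inventory. The following is an added example (not Cloudflare's tooling and not code from this newsletter): it compares constructed gateway access-log lines against a constructed OpenAPI-style route list and reports the undocumented paths that were actually served, grouping per-ID paths together. The log format, the route list and the decision to ignore 404s are all assumptions.

```python
"""Flag API requests whose paths match no documented route (shadow-API candidates).

Added example for illustration: the inventory and the access log below are
constructed, and the log format is an assumed simplification of a gateway log.
"""
import re

# Constructed inventory of documented routes in OpenAPI path-template form.
DOCUMENTED_ROUTES = [
    ("GET", "/api/v1/users/{id}"),
    ("POST", "/api/v1/users"),
    ("GET", "/api/v1/orders/{order_id}"),
    ("GET", "/healthz"),
]

# Constructed gateway access log: client_ip method path status.
ACCESS_LOG = """\
10.0.0.5 GET /api/v1/users/42 200
10.0.0.5 POST /api/v1/users 201
10.0.0.9 GET /api/v1/orders/777 200
10.0.0.9 GET /api/v1/orders/777/export 200
10.0.0.9 GET /api/v1/orders/778/export 200
10.0.0.7 GET /api/internal/debug/config 200
10.0.0.7 GET /api/internal/debug/config 200
10.0.0.3 GET /api/v1/does-not-exist 404
10.0.0.3 GET /healthz 200
"""

LOG_RE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")
PARAM_RE = re.compile(r"\{[^/}]+\}")


def template_to_regex(template):
    """Turn '/api/v1/users/{id}' into a regex: each {param} matches exactly one path segment."""
    parts = []
    for seg in template.split("/"):
        parts.append("[^/]+" if PARAM_RE.fullmatch(seg) else re.escape(seg))
    return re.compile("^" + "/".join(parts) + "$")


COMPILED_ROUTES = [(method, template_to_regex(tpl)) for method, tpl in DOCUMENTED_ROUTES]


def is_documented(method, path):
    """True if some documented route has the same method and its template matches the path."""
    return any(m == method and rx.match(path) for m, rx in COMPILED_ROUTES)


def generalize(path):
    """Collapse purely numeric segments to {n} so /orders/777/export and /orders/778/export group together."""
    return "/".join("{n}" if seg.isdigit() else seg for seg in path.split("/"))


def find_shadow_endpoints(log_text):
    """Return {(method, generalized_path): {"hits": n, "clients": {ips}}} for requests that
    matched no documented route and were not rejected with 404 (i.e. something served them)."""
    findings = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        method, path, status = m["method"], m["path"], int(m["status"])
        if is_documented(method, path) or status == 404:
            continue
        key = (method, generalize(path))
        entry = findings.setdefault(key, {"hits": 0, "clients": set()})
        entry["hits"] += 1
        entry["clients"].add(m["ip"])
    return findings


if __name__ == "__main__":
    for (method, path), info in sorted(find_shadow_endpoints(ACCESS_LOG).items()):
        print(f"undocumented but served: {method} {path} "
              f"({info['hits']} hits from {len(info['clients'])} client(s))")
```

Run against a real gateway log, the interesting output is the undocumented paths that return 2xx: those are live code paths nobody reviewed and are the candidates for the authentication and encryption checks mentioned above.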

Read more about this: Shadow APIs: An Overlooked Cyber-Risk for Orgs (darkreading.com)

Data Breach at Dropbox eSignature Service

Dropbox recently announced a significant breach of its eSignature service, in which hackers gained unauthorized access and stole customer data along with authentication secrets. This incident underscores the critical need for organizations and individuals to update their credentials promptly and adopt secure password management practices. We strongly recommend the use of password managers like 1Password to generate, retrieve, and store complex passwords that are less susceptible to compromise.

Read more about this: Dropbox says hackers stole customer data, auth secrets from eSignature service (bleepingcomputer.com)

North Korean Hackers Exploiting Weak DMARC Policies

The National Security Agency (NSA) has issued a warning regarding North Korean hackers who are taking advantage of organizations with weak Domain-based Message Authentication, Reporting, and Conformance (DMARC) email policies. This technique allows attackers to perform sophisticated phishing and spoofing attacks. Data from Cloudflare Radar shows that in the last year, almost 6% of all emails sent were malicious, with a rise in recent months. This is alarming, as only around 75% of all emails sent globally in the last year passed DMARC checks.

At Forefront, we help our clients configure robust DMARC policies that protect their email systems from such abuse, safeguarding their communications from manipulation by unauthorized parties, and we monitor DMARC reports for outliers or errors.
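A "weak DMARC policy" in the sense of the NSA warning is mostly a record whose `p=` tag is `none` (spoofed mail is reported but still delivered), often combined with a partial `pct=` or no reporting address. The following added example (not from the advisory, Cloudflare Radar or this newsletter) grades a DMARC TXT record against those points and then summarises a constructed RUA aggregate report, listing the sending IPs whose mail failed both SPF and DKIM alignment, which is the kind of outlier a report review looks for. The record, the report and the severity wording are assumptions.

```python
"""Grade a DMARC record for weak settings and summarise a DMARC aggregate report.

Added example; the record and the XML report below are constructed for
illustration, using documentation-reserved IP ranges.
"""
import xml.etree.ElementTree as ET

# Constructed records: one weak, one enforcing.
WEAK_RECORD = "v=DMARC1; p=none; pct=50"
STRONG_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

# Constructed aggregate (RUA) report, trimmed to the fields used here.
AGGREGATE_REPORT = """\
<feedback>
  <report_metadata><org_name>example-receiver</org_name></report_metadata>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
  </row></record>
  <record><row><source_ip>198.51.100.77</source_ip><count>35</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
  </row></record>
  <record><row><source_ip>203.0.113.5</source_ip><count>4</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
  </row></record>
</feedback>
"""


def parse_dmarc_record(txt):
    """Parse 'v=DMARC1; p=none; rua=...' into a dict of lower-cased tag -> value."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(txt):
    """Return a list of weaknesses; an empty list means the record enforces and reports."""
    tags = parse_dmarc_record(txt)
    if tags.get("v") != "DMARC1":
        return ["not a valid DMARC record (missing v=DMARC1)"]
    issues = []
    policy = tags.get("p")
    if policy is None:
        issues.append("missing p= tag")
    elif policy == "none":
        issues.append("p=none: failing mail is still delivered; spoofing is only reported")
    elif policy == "quarantine":
        issues.append("p=quarantine: move to p=reject once reports are clean")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        issues.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if "rua" not in tags:
        issues.append("no rua= address: no aggregate reports, so abuse goes unseen")
    if policy in ("quarantine", "reject") and tags.get("sp", policy) == "none":
        issues.append("sp=none: subdomains can still be spoofed")
    return issues


def failing_sources(report_xml):
    """Return {source_ip: message_count} for report rows where both DKIM and SPF failed."""
    failing = {}
    for record in ET.fromstring(report_xml).iter("record"):
        row = record.find("row")
        evaluated = row.find("policy_evaluated")
        if evaluated.findtext("dkim") == "fail" and evaluated.findtext("spf") == "fail":
            ip = row.findtext("source_ip")
            failing[ip] = failing.get(ip, 0) + int(row.findtext("count"))
    return failing


if __name__ == "__main__":
    for label, record in (("weak", WEAK_RECORD), ("strong", STRONG_RECORD)):
        print(label, record, "->", assess_dmarc(record) or "no issues")
    for ip, count in failing_sources(AGGREGATE_REPORT).items():
        print(f"{count} message(s) from {ip} failed both SPF and DKIM")
```

With `p=none` published, the report rows for 198.51.100.77 and 203.0.113.5 show mail that claimed the domain, failed both checks and was still delivered; the same rows under `p=reject` would show `disposition` of `reject`, which is the outcome the policy change is meant to produce.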

Read more about this: NSA warns of North Korean hackers exploiting weak DMARC email policies (bleepingcomputer.com)

Spike in Okta Credential Stuffing Attacks

There has been a noticeable increase in credential stuffing attacks targeting Okta accounts, primarily facilitated through proxy networks. These attacks use previously breached credentials to gain unauthorized access to accounts, emphasizing the importance of robust account security measures such as strong, unique passwords for each service and enabling multi-factor authentication (MFA) wherever possible.
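Because the attacks are routed through proxy networks, a per-IP lockout alone misses them: each IP may try only a handful of logins. The following added example (not Okta's detection logic and not code from this newsletter) runs two complementary checks over constructed, simplified sign-in events: one flags a single IP trying many distinct usernames in a short window, the other flags a single account receiving failed logins from many distinct IPs, and both report whether a success followed. The event format is an assumed simplification of an Okta System Log entry, and the window and thresholds are assumptions to tune per environment.

```python
"""Detect credential-stuffing patterns in constructed sign-in events.

Added example; the JSON-lines format stands in for Okta System Log entries
and the thresholds below are assumptions, not vendor defaults.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumption: sliding window per IP / per user
MIN_USERS_PER_IP = 4             # assumption: distinct usernames from one IP
MIN_IPS_PER_USER = 4             # assumption: distinct IPs failing against one user

# Constructed events: a spray from one IP, a distributed attack on one user, and a benign retry.
EVENT_LOG = """\
{"ts": "2024-05-06T10:00:01Z", "ip": "203.0.113.10", "user": "alice@example.com", "outcome": "FAILURE"}
{"ts": "2024-05-06T10:00:02Z", "ip": "203.0.113.10", "user": "bob@example.com", "outcome": "FAILURE"}
{"ts": "2024-05-06T10:00:03Z", "ip": "203.0.113.10", "user": "carol@example.com", "outcome": "FAILURE"}
{"ts": "2024-05-06T10:00:04Z", "ip": "203.0.113.10", "user": "dave@example.com", "outcome": "SUCCESS"}
{"ts": "2024-05-06T10:00:05Z", "ip": "203.0.113.10", "user": "erin@example.com", "outcome": "FAILURE"}
{"ts": "2024-05-06T10:05:00Z", "ip": "198.51.100.1", "user": "frank@example.com", "outcome": "FAILURE"}
{"ts": "2024-05-06T10:05:10Z", "ip": "198.51.100.2", "user": "frank@example.com", "outcome": "FAILURE"}
{"ts": "2024-05-06T10:05:20Z", "ip": "198.51.100.3", "user": "frank@example.com", "outcome": "FAILURE"}
{"ts": "2024-05-06T10:05:30Z", "ip": "198.51.100.4", "user": "frank@example.com", "outcome": "FAILURE"}
{"ts": "2024-05-06T10:05:40Z", "ip": "198.51.100.5", "user": "frank@example.com", "outcome": "SUCCESS"}
{"ts": "2024-05-06T11:00:00Z", "ip": "192.0.2.50", "user": "grace@example.com", "outcome": "FAILURE"}
{"ts": "2024-05-06T11:00:30Z", "ip": "192.0.2.50", "user": "grace@example.com", "outcome": "SUCCESS"}
"""


def parse_events(text):
    """Parse JSON lines into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in text.splitlines():
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def _windows(events, key):
    """For each group (by IP or by user) yield the group value and the events in the
    WINDOW ending at each event, so thresholds are evaluated on a sliding window."""
    groups = defaultdict(list)
    for event in events:
        groups[event[key]].append(event)
    for value, group in groups.items():
        for i, anchor in enumerate(group):
            start = anchor["ts"] - WINDOW
            yield value, [e for e in group[: i + 1] if e["ts"] >= start]


def detect_credential_stuffing(text):
    """Return {"spray_ips": {ip: {users that logged in from it}},
               "targeted_users": {user: {"failed_ips": n, "succeeded": bool}}}."""
    events = parse_events(text)
    spray_ips = {}
    for ip, window in _windows(events, "ip"):
        if len({e["user"] for e in window}) >= MIN_USERS_PER_IP:
            successes = {e["user"] for e in window if e["outcome"] == "SUCCESS"}
            spray_ips[ip] = spray_ips.get(ip, set()) | successes
    targeted_users = {}
    for user, window in _windows(events, "user"):
        failed_ips = {e["ip"] for e in window if e["outcome"] == "FAILURE"}
        if len(failed_ips) >= MIN_IPS_PER_USER:
            previous = targeted_users.get(user, {"failed_ips": 0, "succeeded": False})
            targeted_users[user] = {
                "failed_ips": max(previous["failed_ips"], len(failed_ips)),
                "succeeded": previous["succeeded"]
                or any(e["outcome"] == "SUCCESS" for e in window),
            }
    return {"spray_ips": spray_ips, "targeted_users": targeted_users}


if __name__ == "__main__":
    alerts = detect_credential_stuffing(EVENT_LOG)
    for ip, users in alerts["spray_ips"].items():
        print(f"spray from {ip}; accounts that logged in from it: {sorted(users) or 'none'}")
    for user, info in alerts["targeted_users"].items():
        print(f"{user}: failures from {info['failed_ips']} IPs, success followed: {info['succeeded']}")
```

The accounts that appear in either alert with a success (here dave and frank) are the ones to reset and to check for MFA enrolment first; grace's single failed attempt followed by a success from the same address produces no alert.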

Read more about this: Okta: Credential-Stuffing Attacks Spike via Proxy Networks (darkreading.com)

In Conclusion

This week's insights stress the importance of maintaining rigorous security measures across all aspects of digital infrastructure. As the cyber landscape evolves, so must our strategies to secure it. Forefront remains dedicated to equipping our clients with advanced tools and expertise to navigate these challenges and defend against emerging cyber threats.

Until next week.

Ilyas Esmail
CEO, Forefront
