![]() ![]() Fortinet Multiple Products Authentication Bypass (CVE-2022-40684) – 9.8 CVSS.Furthermore, Ivanti’s recent encounter with zero-day vulnerabilities has resulted in significant breaches, including unauthorized access and crypto-mining malware deployment, demonstrating the sophisticated nature of modern cyber threats. Key vulnerabilities identified include serious security flaws in products from Fortinet, Joomla!, and ownCloud, which have facilitated unauthorized access and information disclosure. ![]() Known Vulnerabilities related to API attacks: Africa had the largest rise in attacks compared to January last year, with an 85% increase. North America is the most impacted region with 1 in 4.3 organizations suffering such attacks on average per week. The impact of these attacks on cloud-based networks is now also higher overall than in on-prem environments, fueled by organizations shifting their operations to the cloud along with web application APIs, making it an attractive attack vector. This January showed a 34% increase in attacks on cloud-based organizational networks compared to the previous year, almost double the increase seen in on-premises networks. Moreover, as the cloud threat landscape evolves, cloud-based organizations face a growing threat of cyber attacks over web APIs. Interestingly, a significant drop of 18% was seen in the Information Technology sector, who might have exercised more precautions as major providers and users of API services. The telecommunications sector saw the most significant increase in attacks (+46%), although most sectors also experienced a double-digit increase from last January, emphasizing the urgent need for enhanced security measures across all sectors. The impact of these attacks is widespread across various industries, with education being the most targeted. ![]() This upward trend, observed by Check Point Research in the Check Point ThreatCloud AI data, underscores the critical need for robust API security strategies. ![]() In the first month of 2024, the frequency of API attacks has escalated, affecting on average 1 in 4.6 organizations every week - a 20% increase from January 2023. Despite the implementation of security measures by organizations, the existence of “shadow” APIs-those not officially created or secured by the organization-poses additional risks, as does the adoption of third-party APIs, which may later reveal vulnerabilities that jeopardize all using entities. This exposure is due to the inherent vulnerabilities within Web APIs that can lead to authentication bypasses, unauthorized data access, and a range of malicious activities. APIs, which facilitate communication between different software applications, present a broader attack surface than traditional web applications. The landscape of cyber security is continuously evolving, with Web Application Programming Interfaces (APIs) becoming a focal point for cyber attackers. Notable Vulnerabilities and Incidents: Exploits like the Fortinet Authentication Bypass and Ivanti’s zero-day vulnerabilities have had widespread impacts, with the latter involving unauthorized data access and the spread of crypto-miner malware, demonstrating the critical nature of securing APIs against emerging threats.Meanwhile, cloud-based organizational networks experience a 34% rise in attacks compared to the same period last year, and overtake on-prem organizational networks in the overall impact of API attacks, underscoring the evolving cloud threat landscape. Industry-Wide Impact: Education leads as the most impacted sector, with most sectors having a double-digit surge in attacks from last year.Significant Increase in Attacks: In the first month of 2024, attempts to attack Web APIs impacted 1 in 4.6 organizations worldwide every week, marking a 20% increase compared to January 2023, highlighting the growing risk associated with API vulnerabilities.See how use cases come to life through Check Point's customer stories.Security Controls Gap Analysis (NIST CIST).Unified Security Events and Logs as a Service.Cloud Native Application Protection Platform.Operational Technology and Internet of Things (IoT).Next Generation Firewall (NGFW) Security Gateway.Learn hackers inside secrets and beat them at their own game View Courses.Check Point PRO Proactive monitoring of infrastructure program offerings.Support Programs Programs designed to help maximize security technology utilization. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |