The Hostinger Breach and the Rise of API Threats
… reside outside of the application security infrastructure, and/or are ignored by security processes and teams.
“APIs are one of the most powerful features in many new products, but they are often overlooked for security purposes. There are new stories all of the time about people getting hacked via an API exploit, such as the ConnectWise API vulnerability involving a plug-in this year that allowed multiple operations to be performed on a Kaseya server without authentication,” said Sage Driskell, security engineer at The 20, a group of managed service providers across North America who joined forces.
At least a patch was released soon afterward for the Connectwise API vulnerability. But the situation for the API economy overall is worsening by the moment.
“What’s more is that APIs are being added and consumed by organizations on such a rapidly recurring basis that API security is only getting more complicated, making the ability to develop viable solutions to these data breaches even more complex. With so much uncertainty across the industry, what we do know for certain is that traditional application security is no longer enough to protect organizations and their data,” said Konrad.