There is also a massive lack of awareness around APIs and API endpoints. Many developers buy 3rd party software packages without realizing that they contain a variety of APIs with their own unique vulnerabilities.
APIs power the modern internet today as we know it by connecting programs and applications across the web. But because they are so critical, APIs are also now the most popular target of cyber attacks and API breaches can be devastating.
Today in 2024, API breaches are at an all-time high. Not only are they growing more frequent, but they are also becoming more complex with the introduction of technologies such as AI, which can both help API security and help hackers launch attacks against APIs.
There is also a massive lack of awareness around APIs and API endpoints. Many developers buy 3rd party software packages without realizing that they contain a variety of APIs with their own unique vulnerabilities. This is often referred to as an API supply chain issue.
Visibility is the first part of a strong API security posture. After all, if you can’t see it, you can’t secure it.
A recent attack on the Selenium Grid highlights this issue. The Selenium Grid is a smart proxy server that allows parallel testing on multiple machines. The issue was with the Selenium Grid’s WebDriver API on port 444.
The API allowed full interaction with the machine without authentication. Although documentation warns that this firewall should be closed and appropriate permissions should be applied to the endpoints, users often fail to read instructions in detail.
The attack campaign in question targeted the WebDriver APIs to run Python code. This is possible because of the following issue with Selenium’s WebDriver API.
On Selenium, one can interact with ChromeOptions, a class in Selenium WebDriver. This gives the user the option to set the chrome binary path to whichever binary the user wants. Threat actors set the path to that of Python’s binary. The WebDriver class also allows the user to add arguments. Thus an attacker can execute any Python code.
What is interesting about this attack in particular is that instead of a breach, it resulted in malware being planted. This case is similar to a recent attack we saw on the Docker API where threat actors used an exposed endpoint to install crypto-mining malware. Attacks like these can be especially pernicious if they go undetected for long periods of time.
Visibility is at the forefront of a strong API security posture. However, many developers are not even aware of all the APIs and endpoints in their cyber environments. FireTail allows you to track, inventory, and get alerts on all activity in your API landscape.
To learn how it works, schedule a virtual 30-minute demo today, or try it out yourself with our new Free Tier- no credit card needed!