Selenium Grid Target of Malware Attack

The rise of API breaches

APIs power the modern internet as we know it by connecting programs and applications across the web. But because they are so critical, APIs are now also the most popular target of cyber attacks, and an API breach can be devastating.

Today, in 2024, API breaches are at an all-time high. Not only are they growing more frequent, they are also becoming more complex with the introduction of technologies such as AI, which can both strengthen API security and help attackers launch attacks against APIs.

APIs in Third Party Apps…

There is also a massive lack of awareness around APIs and API endpoints. Many developers buy third-party software packages without realizing that they contain a variety of APIs, each with its own vulnerabilities. This is often referred to as an API supply chain issue.

Visibility is the first part of a strong API security posture. After all, if you can’t see it, you can’t secure it.

The Selenium Grid Attack

A recent attack on the Selenium Grid highlights this issue. The Selenium Grid is a smart proxy server that allows parallel testing on multiple machines. The issue was with the Selenium Grid’s WebDriver API on port 444.

The API allowed full interaction with the machine without authentication. Although the documentation warns that the port should be firewalled and appropriate permissions applied to the endpoints, users often fail to read the instructions in detail.

The attack campaign in question targeted the WebDriver API to run Python code. This is possible because of the following issue with Selenium's WebDriver API.

In Selenium, a client can interact with ChromeOptions, a class in Selenium WebDriver. This gives the user the option to set the Chrome binary path to whichever binary they want, and the threat actors set it to the path of Python's binary. The WebDriver class also allows the user to add command-line arguments. Thus an attacker who can reach the unauthenticated API can execute arbitrary Python code on the node.
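Because the abuse described above is carried entirely in the JSON body of a WebDriver "new session" request, a defender can audit those bodies (from a proxy in front of the Grid, or from request logs) for a browser binary that is not one of the node's real browsers, and for arguments that are not Chrome-style switches. The following is an added example written for this post, not code from FireTail or the Selenium project; the allowlisted binary paths, the `audit_new_session` and `audit_log_line` function names, and the two sample request bodies are assumptions and constructed data.

```python
import json

# Browser binaries a Grid node is expected to launch. Assumed paths for this
# example; a real deployment would list the node's actual installs.
ALLOWED_BINARIES = {
    "/usr/bin/google-chrome",
    "/usr/bin/chromium",
    "/opt/google/chrome/chrome",
}

# The W3C vendor-prefixed capability under which ChromeOptions are sent.
CHROME_OPTIONS_KEY = "goog:chromeOptions"


def _capability_sets(payload: dict) -> list:
    """Collect every capability object a new-session request can carry.

    Options may sit in capabilities.alwaysMatch, in any entry of
    capabilities.firstMatch, or (legacy clients) in desiredCapabilities.
    """
    sets = []
    caps = payload.get("capabilities")
    if isinstance(caps, dict):
        sets.append(caps.get("alwaysMatch", {}))
        sets.extend(caps.get("firstMatch", []))
    if "desiredCapabilities" in payload:
        sets.append(payload["desiredCapabilities"])
    return [s for s in sets if isinstance(s, dict)]


def audit_new_session(payload: dict) -> list:
    """Return findings for one new-session request body (empty list = clean)."""
    findings = []
    for cap in _capability_sets(payload):
        opts = cap.get(CHROME_OPTIONS_KEY)
        if not isinstance(opts, dict):
            continue
        # "binary" is the field the post describes being repointed away from Chrome.
        binary = opts.get("binary")
        if binary is not None and binary not in ALLOWED_BINARIES:
            findings.append(f"binary not allowlisted: {binary}")
        # Chrome command-line switches start with "--"; anything else is not a
        # browser flag and deserves a look.
        for arg in opts.get("args", []):
            if not isinstance(arg, str) or not arg.startswith("--"):
                findings.append(f"non-Chrome argument: {arg!r}")
    return findings


def audit_log_line(line: str) -> list:
    """Parse one logged JSON request body and audit it; bad input is itself a finding."""
    try:
        payload = json.loads(line)
    except json.JSONDecodeError as exc:
        return [f"unparseable body: {exc.msg}"]
    if not isinstance(payload, dict):
        return ["body is not a JSON object"]
    return audit_new_session(payload)


# Constructed sample bodies for demonstration; not captures from the campaign.
NORMAL_SESSION = json.dumps({
    "capabilities": {
        "alwaysMatch": {
            "browserName": "chrome",
            "goog:chromeOptions": {
                "binary": "/usr/bin/google-chrome",
                "args": ["--headless=new", "--window-size=1280,800"],
            },
        }
    }
})

SUSPICIOUS_SESSION = json.dumps({
    "capabilities": {
        "alwaysMatch": {"browserName": "chrome"},
        "firstMatch": [{
            "goog:chromeOptions": {
                "binary": "/usr/bin/python3",
                "args": ["not-a-chrome-switch"],
            }
        }],
    }
})

if __name__ == "__main__":
    for name, body in (("normal", NORMAL_SESSION), ("suspicious", SUSPICIOUS_SESSION)):
        print(name, audit_log_line(body) or ["clean"])
```

The check is deliberately an allowlist on the binary rather than a denylist of interpreter names, since the post's point is that the API lets a caller name any binary at all; the argument check is a secondary signal for the same reason. It is a detection aid only: the fix the documentation calls for, firewalling the port and applying permissions to the endpoints, still has to be in place.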

What is interesting about this attack in particular is that instead of a data breach, it resulted in malware being planted. This case is similar to a recent attack we saw on the Docker API, where threat actors used an exposed endpoint to install crypto-mining malware. Attacks like these can be especially pernicious if they go undetected for long periods of time.

Secure your APIs today

Visibility is at the forefront of a strong API security posture. However, many developers are not even aware of all the APIs and endpoints in their cyber environments. FireTail allows you to track, inventory, and get alerts on all activity in your API landscape. 

To learn how it works, schedule a virtual 30-minute demo today, or try it out yourself with our new Free Tier, no credit card needed!