Among the top five factors leading to major global cyber incidents, one cyber weakness stood out in the Asia Pacific region…
In 2022, a research team from one cybersecurity firm analyzed over 100 of the largest and most well-known data breaches to gain some insights into cyber trends.
From the analysis, done in conjunction the firm’s partners in Asia Pacific region, five common security issues in the region were identified.
First on the list were unauthenticated application programming interfaces (APIs) that were exposed to the public Internet with direct access to a database, where customers’ personally identifiable information (PII) are stored. In 2022, this issue caused at least two major large-scale breaches of more than 10m records in the region. Following this issue four areas of concern:
- Poorly secured application login points that were susceptible to account takeover attempts. Once working credentials were verified by attackers, these vulnerabilities often led to exfiltration of user data from the database used by the application. Valid login credentials were often used by attackers to perform more sophisticated reconnaissance of the application and attacks involving API exploitation.
- Cases of broken application/API data authorization that led to one user with legitimate credentials being able to access other users’ data. Malicious actors can make use of this vulnerability, also called Broken Object Level Authorization (BOLA), to steal data. By authenticating as one user and then using basic programmatic iterating of a select API parameter, an attacker can gain access to other users’ data outside their intended authorization scope.
- Weakly designed and coded APIs behind API gateways on a cloud service provider were exploited by attackers to gain access to vast amounts of PII data in a database. Although victims may have used API gateways, they did not provide security capabilities that were comprehensive enough to detect and/or mitigate the attacks.
- Poor practices around database integration and migration activities where subsets of temporary data are left behind and often open to public access. This usually happens when migrating from one database flavor to another, or when moving one’s data to the cloud or between cloud service providers. Not doing so correctly inadvertently exposes data to cyber attackers.
According to Reinhart Hansen, Director of Technology, Office of the CTO, Imperva, which conducted the analysis. “Organizations are flying blind when it comes to identifying anomalous and abusive data access that could be a data breach in flight or a key indicator that a breach is about to happen. In most of the breaches analyzed, the lack of in-depth security stands out as the main reason. Organizations can reduce the attack surface through better database security, separating their database and application servers, and diluting excessive privileges from key users.”
Specifically, the firm recommends IT defenders to gain complete, automatic visibility into all data stores from a single dashboard; know their “normal” data state so that anything event out of the ordinary is notified immediately for faster remediation and for reducing alert fatigue; implement Security Orchestration, Automation, and Response (SOAR) technology to eliminate the human bottleneck from incident detection and response; integrating security tools to reduce sprawl and achieve higher visibility and efficiency; and training all employees to be committed stewards of data protection who never use unsecured public cloud services or break best practices in password and social media hygiene.
