Moving from Threat Hunting to Threat Catching

The goal of a Threat Hunter is to find an attacker in the middle of an attack before they can cause damage. This entails hunting through thousands of requests trying to pick out the malicious telemetry emanating from thousands of endpoints that looks like hundreds of different users. The task ...
Tales from the Front Lines: How Third-Party APIs Simplify Enumeration Attacks

As a mechanism to offload PCI risks, many retailers are now using third-party credit card processing for their online transactions. The retailer’s benefit is they are no longer handling the credit card data, thereby reducing the cardholder footprint (and PCI exposure). The potential drawback to this approach is that now ...

Tales from the Front Lines: Whitelist and Forget, A Cautionary Tale

Stopping attackers and their malicious intent is every security practitioner’s goal. But there are times when we need to grant unfettered access to network resources for day-to-day operations. Better known as whitelisting, I have seen scenarios where an over-zealous whitelist granted from-anywhere to-anywhere access to a database. Security best practices ...
Tales from the Front Lines: Maintaining Detection Efficacy (and Your Cool) in the Summer Heat

In a previous blog, I talked about how the Covid-19 pandemic lockdown had corresponded to an increase in attack intensity. Since then, different parts of the country have begun to reopen, and in some cases reclose, yet the attackers have maintained their intensity. So, what is the difference now that ...
Kasa Camera Vulnerability Discovery: Responsible Disclosures Feel Like Groundhog Day, Again

When APIs Say Too Much: As a Midwesterner and hobby farmer, I spend a lot of time solving problems. A few months ago I encountered a problem where a live 2-month-old cucumber plant just suddenly had no leaves. A wander around my greenhouse helped me discover that something was knocking ...

Tales from the Frontlines: Increasingly Sophisticated Cat and Mouse Games

The last Tales from the Frontlines post focused on a single customer and the attack volume increase they experienced following the COVID-19 lockdown. In this installment, we will look at the increasingly sophisticated game of cat and mouse defenders are playing with attackers, including high-volume diversionary tactics commonly used as ...

Tales from the Front Lines: Attackers on Lockdown Focus on APIs

While the world is battling a pandemic, our customers are battling an increase in bot activity, as evidenced by traffic and attack patterns over the last four weeks. To an attacker, being in lockdown means they may have more time to focus on their malicious actions. API endpoints seem to ...
The OWASP API Security Top 10 From a Real-World Perspective

The OWASP API Security Top 10 (December 2019) highlights how APIs have become the target du jour for attackers. As someone who is both a longstanding OWASP member and who works at a company that sees attacks against customers’ APIs daily, I think publishing this was a significant first step ...

Creating Credential Stuffing Resistant Applications

Recently, the amount of coverage on credential stuffing attacks in the news has grown. Organizations that haven’t yet been hit by this type of attack can sometimes overlook the potential risk and cite that it’s an end user’s responsibility to use more secure credentials. However, following a successful attack, many ...