Interviews | June 2, 2023

Vulnerable APIs Have Become a Preferred Attack Vector for Hackers

Axonius | BlackBerry | Noname Security | Pentera

Lenny Zeltser


Q1. What are some of the potential benefits and challenges associated with integrating AI and ML technologies into asset management platforms? How can they enhance an organization's ability to detect and protect against threats?

Once a company finally gathers all of its asset data in a single place, handles correlation, and can trust that this inventory will serve as an authoritative, up-to-date source of digital infrastructure, there's still another challenge: what questions should you ask about your assets? It's not always easy to formulate the right questions, and LLMs are likely going to be a great tool for doing so. First and foremost, they'll allow for using natural language to query what may be a deep and complicated dataset (otherwise requiring questions to be formatted in a specific query language, which can be prone to human error).

However, concerns around data privacy and security remain. Companies are hesitant to share sensitive asset data too widely as far as use cases beyond natural language query generation, so expect to see an increased use in offline models, especially once more commercially licensable models are released and software frameworks for fine-tuning or accessing private data via LLMs are made more accessible.

We're still in the early days, but LLMs will likely significantly bolster threat detection and protection capabilities by identifying anomalies and vulnerabilities within the asset data in ways that humans are less likely to do quickly.

Q2. How can organizations enhance their cybersecurity asset management practices to enable visibility across their network of external vendors, suppliers and partners?

Cybersecurity asset management isn't just about devices and users in a world where companies also rely heavily on SaaS providers. In fact, when it comes to external visibility, M&A is another situation where it becomes important for one organization to go much deeper into assessing the cyber hygiene of another organization -- and cybersecurity asset management solutions do this effectively.

Acquiring organizations will want to look for a solution like Axonius that is agentless and doesn’t require network scans or agents on endpoints. Instead, customers connect to the solutions they already use, delivering a complete asset inventory in just days. This inventory can then be used to identify areas of immediate risk, including devices missing endpoint security agents, devices found with high and critical vulnerabilities, public-facing assets not being scanned for vulnerabilities, users with expired passwords, and more.

The other company's willingness to remediate vulnerabilities and security gaps will not only demonstrate their attitude toward secure practices, but it will give the acquiring company a view into the state of their security culture. And it will give the acquiring company confidence in its decision to move forward with the deal.

Q3. What has Axonius lined up for customers at Black Hat USA 2023? What are some of the company's plans at the event?

We have quite a bit lined up for Black Hat attendees this year. We'll be at booth #1040, where we'll be giving away game consoles over the course of the week. Each console contains 400 popular games including Super Mario Bros, Galaga, and Donkey Kong. To snag one, take a demo with one of the members of our on-site team. Later in the week on Wednesday, August 9th, we'll be participating in the Booth Crawl from 4-5 p.m. Drinks and appetizers will be on us to prepare you for the rest of your evening.

Beyond the activities at our booth, we'll also be sponsoring the CISO Summit on Tuesday, August 8th. This is an invite-only event that brings together top security executives from organizations and governments around the world to discuss the latest technologies, trends, and threats that should be on everyone's radar.

And finally, we have a speaking session that will discuss how the Axonius security and IT team leverages our own Cybersecurity Asset Management platform to strengthen our security posture. We'll highlight two key use cases: patching unmanaged software and our integration with Panther Labs. Hope to see you there!

Dmitry Bestuzhev
Senior CTI Director


Q1. What explains the growing popularity of macOS as an attack target for threat actors? What should organizations be doing to address the threat?

There are several reasons for this. The increasing market share of macOS devices has made them more attractive targets. As the user base expands, cybercriminals see a larger pool of potential victims and a higher likelihood of attack success.

macOS has been traditionally considered safer than other operating systems, and this perception has led to a false sense of security among users. Many macOS users may not implement robust security measures or keep their systems up to date, assuming they are inherently protected. This complacency allows threat actors to take advantage and gain access. Cross-platform programming languages like Golang have opened a big door for opportunistic attacks in both Windows and macOS.

Cryptocurrency investors often choose macOS platforms, believing they are less likely to be compromised due to their perceived security advantages. Targeted attack threat actors acknowledge this trend and specifically target macOS users to gain access to their digital wallets.

To address the growing threat, organizations should take proactive actions to enhance their security posture. They should start by educating their employees about the risks associated with using macOS devices and promote a culture of security awareness. Regular training sessions and reminders about best practices can go a long way in mitigating potential threats. Regular security audits and vulnerability assessments can help identify and address any flaws in the systems. Furthermore, organizations should be cautious when using third-party software on their macOS devices. They should carefully vet and verify the authenticity and security of any software before installing or updating it. An excellent example of this is the recent 3CX supply chain attack compromising Windows and macOS machines. Finally, having an actionable Cyber Threat Intelligence program is vital to lessen the risks targeting macOS users and your industry specifically.

Q2. What role can machine learning and predictive analytics play in improving the accuracy and effectiveness of cyber threat intelligence? How can organizations leverage these technologies to stay ahead of adversaries?

By analyzing large volumes of data, Machine Learning (ML) can identify patterns and trends that might not be apparent to human analysts. This optimizes Cyber Threat Intelligence (CTI) by using algorithms to collect and process large volumes of data from various sources, catching sophisticated attack patterns ahead of time, providing guidance on how to mitigate threats, and providing a faster response time in the event of an incident, which can help minimize the damage caused by a cyberattack.

On the other hand, Artificial Intelligence (AI) plays an important role in attributing threat actors. By connecting the dots in their operations, AI algorithms can analyze vast amounts of data, detect patterns, and uncover hidden relationships that human analysts might overlook. This capability enables organizations to gain a better understanding of threat actors' tactics, techniques, and procedures (TTPs), leading to more accurate attribution.

Organizations can leverage ML to stay ahead of adversaries and cyberattacks in many ways. Machine learning can create predictive models that help identify and prevent attacks, monitor network traffic in real-time to detect new threats as they emerge and alert security teams, and automate threat response actions, which helps reduce response times and minimizes the impact.

However, it's important to note that AI systems are not infallible and should not replace human expertise. Human analysts play a vital role in interpreting the insights generated by AI algorithms, validating the findings, and making contextual decisions based on their expertise and knowledge.

Q3. What is BlackBerry's main focus and messaging at Black Hat USA 2023? What do you want people to know about the company's CTI offering?

At BlackBerry, our focus is to connect, secure, and manage every endpoint in the Internet of Things. Beyond a secure enterprise or secure building, we think about building critical infrastructure, securing utilities, automotive safety, and securing end consumers. BlackBerry protects businesses, endpoints, and people, with smarter security solutions that are more effective and require fewer resources to support.

Imagine trying to find your way to somewhere you’ve never been, but your maps app is missing the roads and highways. You would probably take wrong turns, and the odds of arriving where you need to be — when you need to be there — would be greatly diminished. Threat intelligence puts those directions back on the map.

BlackBerry’s Cyber Threat Intelligence (CTI) offering – CylanceINTELLIGENCE – provides faster access to contextual threat intelligence to anticipate attacks and give security teams insight into who threat actors are, what motivates them, how they operate, and how to take a proactive stance to defend their enterprise. In doing so, organizations can become cyber resilient, gaining the ability to foresee and withstand attacks specifically crafted against them. They can also recover from cyber events and adapt to a changing threat landscape.

Delivered on a quarterly subscription basis, CylanceINTELLIGENCE provides actionable intelligence on targeted attacks and cybercrime-motivated threat actors and campaigns, as well as intelligence reports specific to industries, regions, and countries – saving organizations time and resources by focusing on specific areas of interest relevant to a company’s security goals.

Shay Levi
CTO and co-founder

Noname Security

Q1. Noname Security announced some major enhancements to its API security platform in March 2023. What are some of these enhancements and how do they build on the platform's existing capabilities?

In today's digital age, APIs have become an essential component of many organizations' business strategies. APIs provide a way to access and share data, streamline processes, and enable innovation. However, with the increased use of APIs comes the heightened risk of cyberattacks, making API security a top priority for businesses.

The Noname API Security Platform offers a comprehensive approach to API security, providing end-to-end protection against both known and unknown threats. The platform employs advanced technologies like artificial intelligence and machine learning to identify and prevent attacks before they can cause damage. Noname Security's platform continuously monitors API traffic, detects anomalies, and takes action to prevent attacks in real time.

In March, we unveiled a new release of the platform to enhance visibility into users’ API environment and protect against the growing number of API-based threats.

The latest offerings deliver new capabilities across the entire platform – covering discovery, posture management, runtime protection, pre-production testing, and deployment – to help customers:

  • Locate and provide insight into every API in an organization’s ecosystem
  • Detect and block API attacks with real-time traffic analysis
  • Deliver secure APIs faster with active testing
  • Continuously adapt to changing environments

We made these enhancements to ensure our platform remains the most advanced API security solution on the market, catering to complex deployment and regulatory requirements, and providing support for the broadest set of ecosystem integrations ensuring compatibility with your current and future environments.

Q2. As APIs become increasingly interconnected across various systems and platforms, what emerging security challenges should organizations anticipate? What should they be doing now, to address the challenges?

After reviewing the notable breaches from last year, it doesn’t take long to realize that vulnerable APIs were the most preferred attack vector for hackers.

APIs are the common thread that connects all devices and microservices; gaining access to the pipeline that carries sought-after information can prove profitable. In today’s drive toward digital transformation, the popularity and use of APIs increase, as does the cyber-risk landscape associated with it.

Our new digital age of hyperconnectivity means that everyday items like your vehicle are also smart devices, which also means that exploited API vulnerabilities could expose your vehicle's location or enable hackers to compromise your vehicle's remote management system. In the event your remote management was actually breached, cybercriminals would have the ability to unlock your vehicle, start the engine or even disable the starter altogether.

There are currently two things happening that make securing APIs difficult. First, the number of APIs being created, maintained, and used in these environments is growing exponentially. Second, the traffic and volume of information these APIs are transacting is through the roof.

Add to the equation microservices and connections between devices, and the potential for vulnerabilities is quite high. For an attacker, exploiting these APIs can be relatively easy once they find a vulnerability.

The bottom line: APIs are and will continue to be a lucrative attack vector for hackers to exploit as long as organizations continue to ignore them.

Organizations need to invest in technologies and solutions that proactively address API misconfigurations and vulnerabilities, and provide intelligent analysis of the information that’s being transacted in order to respond to the speed and growth of information at scale. Automation is critical for closing the gap between what a security team can handle on its own, and the ever-expanding API attack surface that exists today.

Q3. What are Noname Security's plans at Black Hat USA 2023? What is your organization's main messaging focus at the event?

Today, most APIs are not security tested before they are pushed to production. Quality assurance (QA) processes review apps and APIs for functionality, and some APIs are run through security testing tools, but the limits of these tools mean that most APIs are overlooked. This leaves APIs vulnerable, despite handling organizations’ most important data, including personally identifiable information (PII), personal health information (PHI), or financial data such as payment card industry (PCI) data.

Forward-thinking organizations have embraced “shift left” and “DevSecOps” methodologies to incorporate security earlier in the development lifecycle. However, traditional testing tools and approaches were not designed to test the security of APIs, leaving organizations exposed.

Current challenges include:

  • Traditional testing approaches such as SCA, SAST, and DAST don’t understand the complex business logic that makes APIs work, but also makes them vulnerable. Many testing solutions only use fuzzing, which brute-forces testing mainly for functionality and only the most basic vulnerabilities.
  • Furthermore, many if not most APIs are not even identified by SAST/DAST tools and not actually tested. This is what security experts call “reachability”: the ability to successfully consume an API for testing, including both functionally (e.g. “HTTP 200 OK” status) and a logical response (e.g. the body of the response includes expected values).
  • SAST especially requires specific calibration to the programming languages used, requires significant expertise to set up, offers only limited coverage of business logic, and can take days to deliver results.

To combat these challenges, Noname Security will be announcing new product offerings to help industry leaders to further “shift left,” leave no API untested, and stop vulnerabilities from reaching production.

Patrick Guay
SVP Sales, America


Q1. What were some of the main takeaways from Pentera’s State of Pentesting 2023 report from earlier this year? What, if anything, was surprising or unexpected in the data?

The findings validate many of the realities we hear from our customers: despite the continued investment in cyber, breaches continue to increase; investment in cyber defense remains largely untouched despite economic pressures; cyber insurance costs and availability are top of mind; and penetration testing is now considered more than just a compliance item. Pentera, in its continuous nature, addresses all of these concerns. It's not surprising that breaches keep happening. It instead reinforces the concept that a new approach must be adapted in understanding exposure.

Q2. What are some key considerations for organizations looking to adopt automated cybersecurity validation technologies? What should they be doing to ensure a balance between automation and human expertise to achieve an optimal security posture?

Automation will never take the place of human experts. Where automation helps is with the frequency and scale of validating security postures. Our customers tell us that Pentera helps to build the framework and cadence of testing which allows humans to focus on policy and solving the most complex problems. What we love is when customers have a solid understanding of what their current testing appetite is, as we align to that cadence and help them do it more frequently. That's not to say that if you don't have a testing framework you're out of luck. In fact, it's the opposite! Using Pentera and automation alongside a growing offensive security program can help shape the usage of new resources in parallel with Pentera.

Q3. What do you want customers at Black Hat USA 2023 to know about Pentera and its technology and services?

Pentera has developed the most complete and comprehensive platform focused on end-to-end (inside and out) validation of security controls, configurations, and policies. We uniquely take the perspective of the attacker, emulating real-world attacks. Our focus is letting security professionals sleep better at night knowing their organizations are ready for the next inevitable attack. At the Black Hat booth, our experts can discuss many of the different use cases that can be applicable to where you are in your security posture journey. There's no one-size-fits-all with Pentera. How we tailor the solution to your organization will help make it fit better. We look forward to starting those conversations with you at our booth!
