At a glance.
- Privacy and API security.
- Sabre hit with ransomware attack.
- Fake Telegram apps armed with malware.
- Ragnar Locker exposes data stolen from Israeli hospital.
Privacy and API security.
API security firm Traceable has released its 2023 State of API Security Report, in which over sixteen hundred respondents from one hundred countries spanning six industries were asked about their API activities. As the report states, just 52% of respondents said they felt it was necessary to understand which APIs are most vulnerable, while 54% said identifying sensitive data-handling API endpoints was a high priority. 60% of organizations surveyed had experienced an API-related breach in the past two years, and nearly three-quarters of respondents said they’d suffered three or more. The top breach methods were DDoS, fraud, and API attacks, and with only 33% of respondents saying they’ve effectively reduced the risks of third-party access to their APIs, third-party risks are clearly a concern. A majority (68%) of organizations said they expect API risks will significantly increase in the next two years, and nearly half cited API sprawl as their biggest challenge when it comes to securing the API attack surface.
Ted Miracco, CEO, Approov Mobile Security, wrote to observe that this is another case in which genuine operational convenience is in tension with privacy. "APIs clearly enable innovation and interoperability, but unfortunately this study reinforces the risks posed by porous APIs and the inadequacy of traditional controls," Miracco wrote. "With API breaches rampant and third-party connections multiplying, many organizations are flying blind. This uncertainty, especially in mobile apps, demands radically new API security paradigms centered on identity, Zero Trust, and continuous validation, and attestation of API requests. Companies must review and in some cases re-architect their API protections. Otherwise it is not a question of “if” but rather of “when” their next API breach will strike."
Sabre hit with ransomware attack.
The ransomware group Dunghill Leak is claiming to have stolen 1.3 terabytes of data from travel reservation system Sabre. According to a post on Dunghill’s leak site, the pilfered files include corporate financial information, passenger turnover and ticket sales data, and personal employee information. The gang shared a sample of the data as evidence, and it includes employee email addresses, work locations, names, nationalities, passport and visa numbers, and for some individuals, employment tax forms. Sabre spokesperson Heidi Castle stated, “Sabre is aware of the claims of a data exfiltration made by the threat group and we are currently investigating to determine their validity.” Cyber Security Hub adds that it's unclear how or when the attack occurred, but the sample files indicate the breach likely happened in July of last year.
Fake Telegram apps armed with malware.
Kaspersky security researcher Igor Golovin has discovered fake versions of popular messaging app Telegram that are designed to steal sensitive data from compromised Android devices. As Hacker News explains, the apps are equipped with malicious software that can download user names, user IDs, contacts, phone numbers, and even chat messages and send them to a hacker-controlled server. In an attempt to pass the dupes off as legitimate software, the hacker has given the malicious packages names that are deceptively similar to the legitimate Play Store version of the app. Telegram stated, "At first glance, these apps appear to be full-fledged Telegram clones with a localized interface. Everything looks and works almost the same as the real thing. [But] there is a small difference that escaped the attention of the Google Play moderators: the infected versions house an additional module."
Ragnar Locker exposes data stolen from Israeli hospital.
The Ragnar Locker ransomware gang says it’s behind a recent attack targeting the Mayanei Hayeshua hospital in Israel. A message posted on the threat group’s leak site says the hackers, in an effort to avoid disrupting the hospital’s services, didn’t encrypt any data. However, they’re no saints: they do claim to have stolen one terabyte of hospital data, which they have threatened to release. Security Affairs reports that the compromised data include personal information, internal emails, financial records, and medical cards. Ragnar Locker claims they discovered several vulnerabilities in the hospital’s systems and supposedly attempted to contact the hospital’s administrators to warn them of the insecurities. The post states, “We tried to draw their attention to the network issues and called them for discussion. Instead of the dialogue, they decided to play tricks with us, they even tried to catch us with phishing. Come on guys, seriously?” So instead of keeping the bugs under wraps, the cybercriminals decided to release a portion of the data, and they’ve promised to publish the remainder in three to four days. They won’t be winning any white-hat hacker awards.