Join us at Tampa Bay API Security Summit 2025!

M&A and JWT Are Surprising Sources of API Threats, According to New Wallarm Report

July 31, 2024

API ThreatStats Q2 ’24 Identifies Combination of Accelerating and New Risks to API Security

SAN FRANCISCO--(BUSINESS WIRE)--Wallarm, the leading end-to-end API and app security company, today announced the release of its Q2 API ThreatStats™ 2024 Report. Continuing the trend identified in the Q1 ThreatStats Report, AI API vulnerabilities keep growing in both volume and severity and contributed to several critical exploits this quarter. The report also shines a spotlight on the significant role that mergers and acquisitions (M&A) activity played in exposing multiple organizations to significant risk, as well as the surprising persistence of JSON Web Token (JWT) misuse across a wide range of applications.

New Trends and Surprising Vulnerabilities

Among the new observations in this quarter’s report are critical security risks introduced during M&A. The report highlights significant examples of risk introduced while an M&A process was ongoing and digs into the factors that make this a recurring issue. Notable incidents include TestRail (Atlassian), HelloSign (Dropbox), Duo (Cisco), and Authy (Twilio). These platforms faced significant API breaches, underscoring the importance of thorough security assessments and stringent security protocols during M&A transitions.

A notable trend is that the misuse of JWT continues to pose significant security challenges. Despite JWT’s widespread adoption for securing API communications, implementing it correctly remains difficult, leading to critical risk. Key issues identified include a vulnerability in the Veeam Recovery Orchestrator, where a hard-coded JWT secret allowed attackers to forge tokens and perform unauthorized actions; an authentication bypass vulnerability in Lua-Resty; and a JWT bomb attack in Python-jose that exploits the decode function and leads to denial of service.
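The three JWT failure modes named above (a secret an attacker can know, a verifier that trusts the token's own header, and a decoder that does unbounded work before the signature is checked) all come down to what a verifier does before it accepts a token. The following is an added example written for this article, not code from the report or from any of the products it names; it implements HS256 verification from the standard library only. The environment variable name `JWT_SECRET`, the size limit and the sample claims are assumptions chosen for the demo.

```python
import base64
import hashlib
import hmac
import json
import os
import time
from typing import Optional

# Assumed deployment convention: the signing secret comes from the environment.
# The literal fallback exists only so this demo runs offline; shipping such a
# literal is exactly the hard-coded-secret mistake described in the report.
SECRET = os.environ.get("JWT_SECRET", "demo-only-secret-do-not-ship").encode()

MAX_TOKEN_BYTES = 4096   # refuse oversized tokens before doing any decoding work
ALLOWED_ALG = "HS256"    # pinned server-side; the token's "alg" header is never trusted


def _b64url_decode(segment: str) -> bytes:
    pad = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + pad)


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def mint_hs256(claims: dict, secret: bytes = SECRET) -> str:
    """Issue a compact JWS. Used here only to construct sample tokens."""
    header = _b64url_encode(json.dumps({"alg": ALLOWED_ALG, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_hs256(token: str, secret: bytes = SECRET, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the token is valid, otherwise None.

    Order matters: size limit, then shape, then pinned algorithm, then a
    constant-time signature check, and only then the payload and expiry.
    Nothing from the token is acted on before its signature passes.
    """
    if len(token) > MAX_TOKEN_BYTES:
        return None
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        provided_sig = _b64url_decode(sig_b64)
    except ValueError:          # bad base64, bad UTF-8 or bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != ALLOWED_ALG:
        return None             # rejects "none" and any algorithm-confusion attempt
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, provided_sig):
        return None
    try:
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:
        return None
    if not isinstance(claims, dict):
        return None
    current = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or current >= exp:
        return None
    return claims


if __name__ == "__main__":
    # Constructed sample: a token signed with the server secret verifies,
    # one signed with a guessed secret does not.
    token = mint_hs256({"sub": "alice", "exp": 2_000_000_000})
    print("genuine:", verify_hs256(token, now=1_700_000_000))
    print("forged: ", verify_hs256(mint_hs256({"sub": "alice", "exp": 2_000_000_000}, b"guessed"), now=1_700_000_000))
```

The size check sits first on purpose: a decoder that inflates or parses the payload before checking the signature gives an unauthenticated caller a way to consume CPU and memory, which is the shape of the denial-of-service issue the report attributes to Python-jose's decode path. Rotating `JWT_SECRET` invalidates every outstanding token, which is the intended consequence when a secret is suspected to have leaked.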

Despite its strong security focus, Grafana was found to have several critical vulnerabilities this quarter, including a vulnerability that allowed outside organizations to delete snapshots using the snapshot key, a directory traversal flaw affecting .csv files, and multiple OAuth issues, including account takeovers and token leakage. These findings emphasize that even the most security-conscious platforms are not immune to security flaws and highlight the necessity of continuous monitoring and proactive security practices.

AI API Exploits Continue to Accelerate

AI API vulnerabilities accelerated at a surprising rate, with Q2 seeing a threefold increase in API vulnerabilities observed in well-known AI systems, underscoring the growing importance of securing AI systems as they become increasingly integrated into the digital ecosystem.

“As we observed in last quarter’s report, AI is introducing new risk into the API threat landscape at a concerning rate. As organizations continue to focus on attacks targeting AI/LLM systems, they are far too frequently unaware of the AI API-related risk that is being introduced into their environments,” says Ivan Novikov, CEO of Wallarm.

Notable issues range from vulnerabilities in the AnythingLLM API that allow arbitrary file deletion through path traversal in the logo photo feature and remote code execution via environment variables, to a directory traversal vulnerability in ZenML that allows unauthorized access to sensitive files.
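Both the AnythingLLM and ZenML findings above are path traversal: a user-supplied file name is joined to a base directory and the result is used without checking that it still lies inside that directory. The following is an added example, not code from either project or from the report, showing the containment check a file-deletion endpoint needs. The directory layout, file names and the `delete_logo` function are constructed for the demo.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional


def resolve_under(base_dir: str, user_path: str) -> Optional[str]:
    """Return the real path of user_path inside base_dir, or None if it escapes.

    realpath() normalises "..", "." and symlinks on both sides, so the
    comparison is made on what the OS would actually open, not on the string.
    os.path.join() discards base_dir when user_path is absolute, which the
    containment check below catches along with "../" chains.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        return None
    if candidate == base:          # the base directory itself is never a valid target
        return None
    return candidate


def delete_logo(base_dir: str, user_path: str) -> bool:
    """Delete a file only if it resolves to a regular file under base_dir."""
    target = resolve_under(base_dir, user_path)
    if target is None or not os.path.isfile(target):
        return False
    os.remove(target)
    return True


def run_demo() -> dict:
    """Build a throwaway tree (constructed sample data) and exercise delete_logo.

    Returns which requests were honoured so the behaviour can be checked:
    a plain name inside the directory is deleted; "..", an absolute path and
    a symlink pointing outside are all refused and the outside file survives.
    """
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "logos")
        os.makedirs(base)
        inside = os.path.join(base, "team.png")
        outside = os.path.join(tmp, "config.env")        # stands in for a sensitive file
        for path in (inside, outside):
            Path(path).write_text("constructed sample content")
        os.symlink(outside, os.path.join(base, "link.png"))   # POSIX only
        results = {
            "plain": delete_logo(base, "team.png"),
            "dotdot": delete_logo(base, "../config.env"),
            "absolute": delete_logo(base, outside),
            "symlink": delete_logo(base, "link.png"),
            "outside_survived": os.path.exists(outside),
        }
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:>17}: {outcome}")
```

The symlink case is the one string-based filters miss: `link.png` contains no `..` and sits inside the directory, yet it resolves outside it, which is why the check is made after `realpath()` rather than on the raw input.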

To view the full Q2 API ThreatStats™2024 Report, please visit:
https://www.wallarm.com/resources/q224-api-threatstats-tm-report
