
M&A and JWT Are Surprising Sources of API Threats, According to New Wallarm Report

July 31, 2024

API ThreatStats Q2 ’24 Identifies Combination of Accelerating and New Risks to API Security

SAN FRANCISCO--(BUSINESS WIRE)--Wallarm, the leading end-to-end API and app security company, today announced the release of its Q2 API ThreatStats™2024 Report. Continuing the trend seen in the Q1 ThreatStats Report, AI API vulnerabilities keep growing in volume and severity, contributing to several critical exploits. The report also shines a spotlight on the significant role that mergers and acquisitions (M&A) activity played in exposing multiple organizations to significant risk, as well as the surprising persistence of JSON Web Token (JWT) misuse across a wide range of applications.

New Trends and Surprising Vulnerabilities

Among the new observations in this quarter’s report are critical security risks introduced during M&A. The report highlights significant examples of risk being introduced during an ongoing M&A process and digs into the factors that make this a recurring issue. Notable incidents include: TestRail (Atlassian), HelloSign (Dropbox), Duo (Cisco), and Authy (Twilio). These platforms faced significant API breaches, underscoring the importance of thorough security assessments and stringent security protocols during M&A transitions.

A notable trend is that misuse of JWT continues to pose significant security challenges. Despite JWT’s widespread adoption for securing API communications, correct implementation remains difficult, leading to critical risk. Key issues identified include a vulnerability in Veeam Recovery Orchestrator, where a hard-coded JWT secret allowed attackers to forge tokens and perform unauthorized actions; an authentication bypass vulnerability in Lua-Resty; and a JWT bomb attack in python-jose that exploits the decode function and leads to denial of service.
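The two JWT failure modes named above, a secret baked into source code and a decode routine that can be overwhelmed by attacker-supplied input, are both addressed in this added example of a minimal HS256 verifier (not Wallarm's code, nor code from any of the projects named). It assumes an environment variable `API_JWT_SECRET` (hypothetical name) holds the signing secret, pins the algorithm to an allow-list, and caps token size before any parsing as a general resource-exhaustion mitigation, not as the specific python-jose fix.

```python
import base64
import hashlib
import hmac
import json
import os

MAX_TOKEN_BYTES = 4096     # reject oversized tokens before touching base64/JSON
ALLOWED_ALGS = {"HS256"}   # explicit allow-list: "none" and alg confusion are rejected


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Issue a compact HS256 JWT; used here only to produce test input."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_hs256(token: str, secret: bytes):
    """Return the claims dict if the token verifies, otherwise None."""
    if len(token) > MAX_TOKEN_BYTES or token.count(".") != 2:
        return None
    head_b64, body_b64, sig_b64 = token.split(".")
    try:
        header = json.loads(_b64url_decode(head_b64))
        presented = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    # The header is untrusted input: the server decides the algorithm, not the token.
    if not isinstance(header, dict) or header.get("alg") not in ALLOWED_ALGS:
        return None
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):   # constant-time comparison
        return None
    try:
        claims = json.loads(_b64url_decode(body_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    return claims if isinstance(claims, dict) else None


def load_secret() -> bytes:
    """Secret comes from the environment (hypothetical variable), never from source."""
    secret = os.environ.get("API_JWT_SECRET", "")
    if len(secret) < 32:
        raise RuntimeError("API_JWT_SECRET is missing or shorter than 32 characters")
    return secret.encode()
```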

Despite its strong security focus, Grafana was found to have several critical vulnerabilities this quarter, including a vulnerability that allowed outside organizations to delete snapshots with its key, a directory traversal flaw for .csv files, and multiple OAuth issues, including account takeovers and token leakages. These findings emphasize that even the most security-conscious platforms are not immune to security flaws and highlight the necessity for continuous monitoring and proactive security practices.

AI API Exploits Continue to Accelerate

AI API vulnerabilities accelerated at a surprising rate, with Q2 seeing a threefold increase in API vulnerabilities observed in well-known AI systems, underscoring the growing importance of securing AI systems as they become increasingly integrated into the digital ecosystem.

“As we observed in last quarter’s report, AI is introducing new risk into the API threat landscape at a concerning rate. As organizations continue to focus on attacks targeting AI/LLM systems, they are far too frequently unaware of the AI API-related risk that is being introduced into their environments,” says Ivan Novikov, CEO of Wallarm.

Notable issues range from vulnerabilities in the AnythingLLM API, which allow arbitrary file deletion through path traversal in the logo photo feature and remote code execution via environment variables, to a directory traversal vulnerability in ZenML that allows unauthorized access to sensitive files.

To view the full Q2 API ThreatStats™2024 Report, please visit:
https://www.wallarm.com/resources/q224-api-threatstats-tm-report
