• Search for:
    27May, 2023
    Fake CapCut Websites Spread Information Stealers

    A malware campaign has been found impersonating the CapCut video editing tool to spread different stealers. CapCut is an official video editor, developed by ByteDance. It is popularly used as an editing tool for TikTok videos (also owned by ByteDance) and comes with several features. CapCut has over 500 million downloads on Google Play and its website receives over 30 million monthly hits, making it an attractive target for cyberattacks.

    What’s happening?

    Owing to the nationwide bans in India, Taiwan, and other countries, users are looking for alternative ways to get access to the CapCut app. The popularity of CapCut has made users look for alternative ways of getting the app. To harness this opportunity, attackers have created websites that spread malware disguised as CapCut.

    • The attackers are suspected to be using search ads, black hat SEO, and social media to advertise these malicious sites.
    • They used multiple domains, such as capcut-editor-video[.]com and capcutdownload[.]com, to deliver information stealers to victims’ systems via two different campaigns detailed below.

    Offx Stealer campaign

    The first campaign uses fake CapCut sites with a download button spreading the Offx Stealer on systems. The stealer binary uses PyInstaller and only runs on Windows 8, 10, and 11.

    • Whenever a victim runs the downloaded file, they are shown a fake error message stating that the app launch has failed. However, Offx Stealer keeps operating in the background.
    • The malware attempts to steal credentials and cookies from web browsers and targets data stored in Discord, Telegram, popular cryptocurrency wallet apps (Bytecoin, Atomic, Zcash), and remote access software (AnyDesk and UltraViewer).

    Redline Stealer campaign

    The second campaign uses fake CapCut sites delivering the ‘CapCut_Pro_Edit_Video[.]rar’ file on systems, including a batch script that executes a PowerShell script when opened.

    • The PowerShell script decompresses, decrypts, and loads the final payload – a DotNET executable and Redline Stealer. The DotNET executable bypasses the AMSI Windows security feature.
    • Additionally, the same fake CapCut site serves as a host for BatLoader.

    Resource: https://cyware.com/news/fake-capcut-websites-spread-information-stealers-7ac5436c

    20Feb, 2023
    API management (APIM): What It Is and Where It’s Going

    Analyzing the concept of API management (APIM), its benefits, and what it will look like as the API landscape continues to evolve.

    There are two fundamental truths in the API landscape.

    • First: APIs have become a strategic tool for companies to expand their digital reach, accelerate their businesses, and do more for their customers.
    • Second: because of the way they work and how they’ve been used so far, APIs are particularly vulnerable to attacks from bad actors. In fact, according to recent research, malicious API attack traffic surged 117% over the past year, indicating that the threat on APIs is far from abating.

    So, where does this leave businesses that want to leverage the power of APIs? For starters, they need to invest in an API security strategy that covers all their bases. A robust strategy will be held up by a number of different tools and methodologies, including API management (APIM).

    In this article, we’re taking a closer look at what APIM is, its benefits, and what it will look like as the API landscape continues to evolve.

    What Is APIM?

    APIM is the process of creating, distributing, monitoring, and analysing APIs that connect applications and data across the enterprise and clouds. Typically deployed as a scalable platform, APIM allows enterprises to share their API configurations while controlling access, monitoring and collecting usage data, and enforcing security policies related to APIs.

    In other words, APIM gives businesses the power to better leverage the API economy without compromising on security. There are also internal benefits: managing all APIs on one unified platform lets enterprises share API documentation and coding constructs between teams, ultimately making things easier (and faster) for developers.

    What Are the Components of APIM?

    To facilitate flexibility, quality, speed, and security for enterprise APIs, APIM platforms are usually comprised of five key elements, outlined below.

    API gateway: The API gateway acts as the portal through which all routing requests and protocol translations are handled. As APIs often have different structures and languages and are constantly changing, an API gateway facilitates communication, providing a single point of contact for internal and external parties to interact with APIs.

    API developer portal: The developer portal provides a self-service hub for developers that want to access and share API documentation. This contributes significantly to speeding up how developers work with APIs, streamlining the building and testing processes, and providing consistency across the team.

    API analytics: There’s a lot of value in understanding and evaluating a given API’s usage and operational metrics — and that’s where an API reporting and analytics function comes in. APIM platforms are often equipped with dashboards that provide this visibility and allow enterprise teams to make better decisions about how they use their APIs, such as whether it’s worth monetizing them. From an operational perspective, these dashboards help identify issues early so they can be addressed proactively.

    API lifecycle management: With APIs, one of the biggest challenges is that there isn’t visibility into the whole lifecycle — from design to implementation and retirement. The reason is that APIs are often created for small internal uses and then launched into bigger use cases without the proper vetting. Lifecycle management mitigates this, providing a sustainable solution for building, testing, and managing APIs with version control support.

    API policy manager: Each API should operate within a set of API policies that shape its evolution. API policy managers control the lifecycle of these policies and house broader policies that impact the entire API infrastructure.

    In an APIM platform, each of these tools comes together to give companies a more complete and comprehensive view into their APIs and the control to enhance security across the API ecosystem.

    What APIM is Not

    From a security perspective, while APIM platforms are key for creating unified visibility and control over a company’s API infrastructure — and for facilitating the implementation of API security features — it’s important to note that it’s only one pillar in a robust API security strategy. API management platforms are not, fundamentally, security platforms. They lack key API security elements organizations should enforce, including continuous authentication and authorization, access control, data validation, runtime security tailored to the OWASP API Top 10 attacks, and a testing plan for APIs both in production and pre-prod.

    It’s also important to note that APIM isn’t a one-size-fits-all solution. It’s essential to evaluate the company’s IT infrastructure and other resources to ensure that they are equipped to adopt and implement a new platform for its APIs. Do you have the right level of expertise on your team? Are you working with enough APIs to justify the adoption of an APIM platform? Do you have API security policies in place to enable your APIM tool to do its best work? These are all critical questions to ask as you evaluate this solution.

    What Are the Benefits of APIM?

    For many enterprises, APIs are the Wild West of their technical infrastructure. APIs often differ significantly from one another, making it challenging to create overarching measures to manage them. The landscape is constantly changing, so documentation quickly becomes outdated and irrelevant. This is part of what makes APIs such an appealing threat vector for cybercriminals. APIM remedies this while providing other benefits.

    APIM supports businesses by:

    • Centralising visibility to all API connections, lowering the risk of attacks, and giving teams the ability to identify gaps and duplicates
    • Facilitating data-driven decisions for the business, such as monetizing the API
    • Protecting the business from API-related threats
    • Enabling the creation of detailed API documentation
    • Creating better user experiences for API consumers
    • Improving developer experiences
    • Providing better insights into the current state of API security, allowing teams to create a better ecosystem

    What Does the Future of APIM Look Like?

    APIs aren’t going anywhere. Businesses are continuing to build applications that rely on hundreds, if not thousands, of APIs. With APIs exposed to multiple data centres, cloud providers, and customers, with different levels of access requirements and customization, the scale and complexity of the ecosystem are only going to get bigger. For enterprises that want to stay agile, organised, and secure, APIM will be crucial.

    APIM will continue to be an important driver for functions such as versioning, deployment processes, usage metrics, and interoperability. And from a security perspective, they will develop as API gateways become more mature, doing more in the rate limiting, data masking, and authentication spaces.

    Other changes will come within the interfaces themselves. There’s a growing shift in the developer tooling space with the emergence of tools that favour visual drag-and-drop functionalities instead of coding. This way, different teams can contribute to APIM within the bounds of their skill sets and still have a clear understanding of the workflows, API lifecycles, and API security policies.

    As APIM platforms continue to mature, they will become an even more strategic asset for businesses that want to make the most of the API landscape without compromising their security.

    About the Author: Ali Cameron is a content marketer that specializes in the cybersecurity and B2B SaaS space. Besides writing for Tripwire’s State of Security blog, she’s also written for brands including Okta, Salesforce, and Microsoft. Taking an unusual route into the world of content, Ali started her career as a management consultant at PwC where she sparked her interest in making complex concepts easy to understand. She blends this interest with a passion for storytelling, a combination that’s well suited for writing in the cybersecurity space. She is also a regular writer for Bora

    Resource : https://securityaffairs.com/141738/security/api-management-apim.html

    20Feb, 2023
    Top 5 API Lessons for Software Engineering Leaders

    It is important for software engineering leaders to balance the technical and business goals of their API strategy and practice by considering these top 5 aspects.

    Software engineering leaders around the world see application programming interfaces (APIs) as the best option to connect systems and applications to build impactful and composable software architectures. However, they overlook the business potential of APIs as digital products and focus largely on technical use cases. 

    To deliver meaningful business outcomes and gain the trust of stakeholders, organizations need a modern API strategy that is closely aligned to business goals, and which covers API security, governance, life cycle management, developer enablement and potential for monetization. 

    “Software engineering leaders responsible for API strategies shouldn’t focus only on the technical benefits of APIs. They must incorporate the business perspectives to avoid risking the support of business stakeholders,” says Shameen Pillai, Sr Director Analyst at Gartner.

    Here are the top five considerations for software engineering leaders to develop an effective API strategy and practice.

    No. 1. Don’t let API governance create bottlenecks

    For developing, managing and governing APIs without creating bureaucratic hurdles, software engineering leaders can implement an “adaptive governance” model. The idea is to create a federated API platform team (for example, having product managers from different business groups such as digital, commerce and logistic API teams) and manage the locally built APIs without undermining the overall API strategy.

    To support localized standards, tools and processes, ensure that API product teams do not create disjointed or overlapping standards and actively participate in federated API governance. The platform teams and product managers should have consistent communication to be aware of shared assets, policies and practices.

    No. 2. Treat APIs as products, even if you don’t plan to monetize them

    Looking at APIs as a way to achieve technical purposes isn’t enough in the postpandemic world. They are now essential in advancing digital business strategies and should be treated as products without prioritizing monetization. Although many organizations monetize APIs, the majority don’t. Many organizations use API products for internal consumption only.

    Regardless, the development, organization and management of APIs should be driven by a consumer-centric mindset that requires product managers to:

    • Prepare API roadmaps and measure business outcomes
    • Understand and cater to the needs of API consumers (for example, developers) to promote API products and improve developer relations (DevRel)

    No. 3. Discover your APIs before hackers do

    As APIs are the gateways to systems, applications and services, they are always vulnerable to security threats. This may result in the loss of private and sensitive information about millions of users.

    The security strategy for APIs should focus on threat protection, well-refined access control and data privacy. Software engineering leaders often protect the published APIs, but there can be shadow or unpublished APIs. API discovery is the key to ensuring that there are no blind spots and to track any malicious usage of APIs.  

    Software engineering leaders should adopt a DevSecOps strategy and institute a security governance policy across the organization. They should assess and enhance the capabilities of API security and management solutions to discover APIs and potential threats from hackers.

    No. 4.Manage the life cycle of APIs

    An API’s life cycle involves four stages:

    • Planning and initial design
    • Implementation and testing
    • Deploy and run
    • Versioning and retirement

    Software engineering leaders should build a consistent process around the four life cycle stages to develop a comprehensive API strategy and practice. For example, the “planning and initial design” stage should focus on an iterative process, consisting of a design approach, methodology and governance. Likewise, the “deploy and run” stage should focus on advanced security analytics to measure API business value.

    Leverage automation to sustain API quality, track issues and optimize the API’s life cycle based on actual performance.

    Align the development of APIs with the organization’s DevOps process for continuous integration and delivery. This way, software engineering leaders learn about other considerations when building, deploying, testing and implementing APIs in various environments. For example, as per API testing guidelines, certain functional, performance and security testing requirements can be mandatory.

    No. 5. Choose best-fit API technologies

    There are a variety of vendor solutions for developing and managing APIs available in the market today. However, the API market is evolving, with some vendors focusing on specific aspects of APIs like design, testing, monitoring, security, portals and ecosystem management. 

    Related webinar: How to Benefit From API Startups and New API Trends

    With so many different solutions to select from, software engineering leaders should have clarity regarding the needs of their organization and engineering groups. To make the selection more credible and collaborative, involve API product managers, API platform teams and security teams in the process. 

    It may be difficult to identify what differentiates different vendor solutions when it comes to potential, viability and maturity. Review critical capabilities for API life cycle management to understand the respective strengths and weaknesses of each solution and select the best possible fit.

    Resource: https://www.gartner.com/smarterwithgartner/top-5-api-lessons-for-software-engineering-leaders