APIs are everywhere in modern day life. We rely on them to access services on mobiles, tablets and laptops. Without them our day-to-day life wouldn’t be the same. Yet they are also increasing the attack surface. Are they really a friend to e-commerce or to cybercrime?
APIs are not new. They’ve been around a long time. APIs are key to building scalable web-based applications as they allow and manage the interaction between 2 online connected services.
In today’s OTT world, pay-media operators continually modify their business models to find the sweet spot; what resonates best with their consumers. Unfortunately, the same is true with cybercriminals. For them, the introduction of account generator sites is at the heart of this evolution.
No longer limited to the DarkNet
In an earlier blog, I explained how compromised account details are regularly being sold on the DarkNet. However, in the last few months the Irdeto cyber-services team has witnessed a change.
On a recent flight, I was sat next to a security auditor. He asked “can someone steal keys used to encrypt credit cards from the server memory?” It depends, was my reply. But his question left me wondering. Why hasn’t anyone built a server side white box implementation?
Why does it depend?
Like any implementation, some are more secure than others. If the server side code was using ‘standard cryptographic APIs’ and they were black box implementations then
Browser security isn’t a new problem. Apple, Google, Microsoft and Mozilla have put a huge amount of effort into enabling consumers to have a secure browsing experience. But who’s thinking about the web site operators and their secure browsing experience?
Internet trust is dependent on certification authorities; with TLS/SSL being the most commonly used technology for securing electronic commerce transactions online. It’s all about enabling the consumer to access web services and be reasonably confident they know who they are talking to.
There’s no doubt about it, cyber-attacks are increasing. A consequence of this is a rise in cybersecurity litigation. Interestingly, that litigation may not necessarily be directed against the cybercriminals. Instead, it is likely to be another threat that the breached company has to deal with.
Just as cyber-attacks are generating publicity, so too are the subsequent litigation activities. What makes them newsworthy seems to be the dollar amount.
In Star Wars: The Force Awakens, the sinister First Order dominates the galaxy, with only a small band of trusted resistance fighters left. What’s the link to today’s software world you may ask? It all comes down to the power of cryptography to defeat the dark side.
In this software controlled world the need for software protection is unavoidable. This protection extends to all aspects of day-to-day life. It could be securing your credit card details when shopping on line or a business safeguarding a remote network connection to even protecting premium content such as a blockbuster movie.
The Internet has transformed how businesses operate today. Never before has so much been done online. The dark side to this connectivity is that the threat of cybercrime is increasing and becoming more professional. It’s no longer a case of if you will fall victim to a cyber-attack but when. Are you ready?
No business is immune
It’s not just Irdeto’s cyber-services team which is witnessing a growing concern about cyber-attack threats.
What if I told you the Internet was built by hackers or that Facebook’s Mark Zuckerberg has been called a hacker. Would you believe me? To fully understand the hacking threat, first we should know more about the hacking mind.
The hacking mind
Although predominately associated with the online world the hacking mindset is not limited to those in the computer field. The characteristics can be equally found in the world of art or science.
Many of us work for organizations with an established corporate IT department. IT determines the security policies; sets the protocols, permissions and instructs employees on the best practice. Given the cyber risks that organizations now face is ‘egg-shell’ security enough?
Some of you may remember Bob from my previous post. Let’s continue to see what Bob is doing to explore how safe corporate IT really is.
Thanks to the highly publicized sentencing of Ross Ulbricht, founder of the online blackmarket place – Silk Road, the general awareness of the DarkNet is increasing. Yet, the importance of the DarkNet to our customers isn’t about supply of illegal drugs or fake passports; it is its growing role in evolving online piracy.
Before diving into the detail of the emerging trends that we’re seeing, let’s start by putting things into context.