Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

API security is no longer just a concern; it’s a critical priority for businesses. With APIs serving as the backbone of modern applications, they’ve become a primary target for attackers. While automated security testing tools help detect vulnerabilities, their limitations leave organizations exposed to evolving threats. Here’s where Threat Replay Testing (TRT) comes into play.

Have you ever wondered how hackers breach your accounts even if they don’t know your password? It’s not just luck or guesswork; a dictionary attack is one of many methods cybercriminals use to crack passwords and break into your online accounts. Throughout this article, we will break down what a dictionary attack is, how it works, and the steps you can take to prevent threat actors from cracking your passwords and stealing your personal information.

The best way to understand real-world attacks is to observe them in the wild. Following this principle, our research team set up a decoy Kubernetes workload designed to attract malicious actors – a honeypot in a Kubernetes cluster we named the “Honey-pod.” Inside this pod, we deployed Apache Druid, a popular open-source analytics database known for its scalability and, unfortunately, for a history of exploitable vulnerabilities.

At 21 Apr, 20:53 GMT+0, our system, Aikido Intel started to alert us to five new package version of the xrpl package. It is the official SDK for the XRP Ledger, with more than 140.000 weekly downloads. We quickly confirmed the official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.

The numbers are startling – organizations typically need 197 days to spot a cyber attack and another 69 days to contain it. This leaves systems vulnerable for more than eight months. The financial impact keeps growing. A typical cyber attack now costs organizations $4.45 million in damages – a 15% increase in the last three years. But there’s good news: cybersecurity works like asymmetric warfare. Defenders can stop an entire attack by breaking just one link in the attack chain.

Initial Access Brokers (IABs) are threat actors who infiltrate networks, systems, or organizations and sell this unauthorized access to other malicious actors. Instead of executing the entire cyber attack, IABs focus on the initial breach and monetize it by selling access to compromised systems. They assist ransomware operations, particularly RaaS schemes, by streamlining attacks and reducing workload at the start.

Several years ago, a security researcher discovered a vulnerability in Google Chrome that allowed fake domains to bypass the browser’s security measures. The researcher registered a domain that appeared as “xn--80ak6aa92e.com” but displayed as “apple.com” in the browser, demonstrating how easy it was to deceive users. This is just one example of what’s known as a homograph attack, or sometimes a ‘look-a-like domain’.

The energy sector has become a prime target for cyberattacks, with successful breaches posing severe risks to national security, economic stability, and public safety. Luckily, the industry is standing up and taking notice, with two-thirds of energy professionals (65%) now saying their leadership now sees cybersecurity as the greatest risk to their business.