APIcalypse Now: Akamai CSO warns of surging attacks and backdoored open source components
Akamai has warned that apps and APIs are bearing the brunt as threat actors pivot to living off the land


In a hard-hitting keynote at this year’s RSA Conference, Boaz Gelbord, senior vice president and CSO at Akamai, sounded the alarm over the rising tide of attacks targeting applications and their underlying infrastructure.
Threat actors are increasingly leveraging legitimate tools and components within organizations to carry out their nefarious activities, a tactic known as "living off the land," Gelbord warned.
Citing Akamai's latest threat intelligence data, Gelbord revealed a staggering 48% year-on-year increase in web attacks, with 29% targeting APIs. Even more alarming was the 109% surge in API attacks, a trend Gelbord attributed to the challenges of inventorying and securing these critical interfaces.
"It's hard to inventory APIs. You kind of know what your public-facing websites are, and probably have processes internally for setting those up. You know, they're customer-facing or they're user-facing," he said.
"It's harder for an organization to even know what all of its APIs are that are out there. And it's harder to secure them."
Gelbord also highlighted the risk posed by compromised open source components, citing the recent XZ Utils vulnerability as a turning point. In this case, a widely used open source utility had been hijacked by a malicious entity, enabling remote code execution.
"This is probably the most stunning example of how those types of utilities can pose risks," Gelbord warned.
"Luckily, there was an eagle-eyed engineer over, I think, at Microsoft who spotted this and saw some performance differences and how this utility was performing and managed to kind of alert folks before this got out into general distribution, but we don't know how many more of those are out there lurking in the wild."
Gelbord emphasized the importance of organizations adopting a risk-based approach to secure their applications, advocating for a strong understanding of how their threat models align with the various components of their applications, from code to infrastructure.
He also underscored the criticality of multivendor interoperability and the integration of compliance efforts with technical security programs.
Concluding his keynote, Gelbord stressed the transformative potential of AI in reshaping security models, particularly in areas like identity, user authorization, security operations, and monitoring.
"AI is going to fundamentally change a lot of pieces of our overall security model," he said.
"The most obvious spaces, which we mentioned earlier, are identity and user authorization. This is moving very fast, but also in different places like how we do our security operations and how we do our security monitoring."
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.