ThirdPartyApp attacks
Consider the following cybersecurity breaches – all from within the past three months: GitHub, the leading cloud-based source control service, discovered that hackers capitalized on stolen OAuth tokens issued to third-party applications to download data from dozens of customer accounts; Mailchimp, a leading emarketing company, found a data breach where hundreds of customer accounts were compromised using stolen API keys; and Okta, the leading workforce authentication service, left 366 corporate customers vulnerable after hackers exploited a security breach to gain access to internal networks.
These three incidents have one thing in common – they were all service supply chain attacks, meaning breaches in which the attackers took advantage of access granted to third-party services as a backdoor into the companies’ sensitive core systems.
Why this sudden cluster of related attacks?
As digital transformation and the surge in cloud-based, remote or hybrid work continues, companies are increasingly weaving third-party applications into the fabric of their enterprise IT to facilitate productivity and streamline business processes. These integrated apps increase efficiency throughout the enterprise – thus their sudden rise in popularity. The same is true for low-code / no-code tools, which allow non-coding “citizen developers” to create their own advanced app-to-app integrations more easily than ever before.
Introduction La cybersécurité est devenue une priorité stratégique pour toutes les entreprises, grandes ou petites.…
Cybersécurité : les établissements de santé renforcent leur défense grâce aux exercices de crise Face…
La transformation numérique du secteur financier n'a pas que du bon : elle augmente aussi…
L'IA : opportunité ou menace ? Les DSI de la finance s'interrogent Alors que l'intelligence…
Telegram envisage de quitter la France : le chiffrement de bout en bout au cœur…
Sécurité des identités : un pilier essentiel pour la conformité au règlement DORA dans le…
This website uses cookies.