Prevent API Abuse
Traceable enables customers to know their API attack surface, protect it against known and unknown attacks, fraud, and API abuse, and to do root cause analysis, and threat hunting.
Company: The company provides developers cloud services that help to deploy and scale applications
Sector: IT Infrastructure
Role: Software Engineer
The company offers a marketplace through which users can purchase add-on solutions. The marketplace is API-driven and has been hacked and abused a few times. An attacker abused the marketplace APIs to get access to an internal company API for sending SMS messages. The attacker then used this company’s SMS API to run their own SMS messaging campaign. That API called out to a partner, for which they racked up a $15,000 / month bill for SMS services. The company needed to identify and stop these abuses, which appeared to come from the inside.
Traceable AI was able to help the company stop the API abuse using some of Traceable AI’s Protection capabilities
API usage anomaly detection – Traceable watches all API traffic in an application and flags anomalies such as a sudden uptick in usage, abnormal user usage, change in responsiveness, etc.
User attribution – Traceable uses intelligent user attribution to track user activity across sessions, IPs, resets, and no matter how deeply their user identity is buried. It uses this user attribution to provide an aggregated user storyline across all app activity.
East/West traffic analysis – Traceable captures and analyzes traffic between internal system components (east/west traffic), not just calls to and from 3rd party systems. Sometimes attacks come from (or can appear to come from) the inside.
How Traceable AI helped
Identity of abnormal API usage patterns – Traceable watches everything and remembers. It was able to identify abnormal API usage (higher frequency of use) on the APIs that were calling out and connecting to the 3rd party communication service. This anomaly was a clear sign to investigate further.
Tie attacks back to users, no matter where they come from – Traceable’s ability to track all the activity of the bad actor (user) across all sessions enabled the company to see the path of attack and see that they came through the Marketplace and then abused vendor APIs from internal.
Find API abuse even if it comes from inside – Traceable’s ability to see and analyze East/West traffic enabled the company to find the attack vector, which was coming from one of their internal services (the hacked Marketplace), and connecting to another internal service (their SMS messaging service wrapper). The Messaging service wrapper front-ended the 3rd party communications service which they ultimately got the huge monthly bills from.
Customer value in technical, business, and ROI/financial terms
Stopped high costs that came from API abuse – The company was able to find and stop the API abuse that was costing them $15,000 / month for stolen services from one of their vendors.