API security
cloud security
Cyber landscape
May 20, 2024

Graph API Vulnerabilities on the Rise

Many application developers are still grappling with the integration challenge. Microsoft’s Graph API attempts to solve this problem, however, their solution comes with its own drawbacks.

Graph API Vulnerabilities on the Rise

Hyperscale cloud providers are constantly innovating, and bringing new services online to make it easier to build rich, complex, modern applications that can deal with the scale that only the cloud can support. One of the challenges that developers have around these services is integrating the new APIs so that they can build on these services. Microsoft has recognized that problem, and attempted to provide a solution, but the solution may come with downsides.

Developers use the Microsoft Graph API to access data from Microsoft 365 and a wide range of other services through a single RESTful API endpoint. With the Microsoft Graph API, developers can build applications that interact with and integrate seamlessly into Microsoft’s digital ecosystem.

However, bad actors have found ways to exploit the Graph API, usually by leveraging it to facilitate communication with command-and-control centers. 

Most recently, some malware was discovered in Ukraine by the name “BirdyClient” (also known as “OneDriveBirdyClient”) downloading files via a C2 server, though it is unclear to what end. And they are far from the only espionage group gathering data this way. In December 2022, Elastic Security documented an intrusion into the Office of Foreign Affairs deployed via a tool called SiestaGraph, a variant of malware that is still being continuously developed.

In fact, misuse of the Graph API is steadily rising as more and more bad actors realize that API traffic through the platform is unlikely to raise suspicion. And this is far from the only way to exploit Graph API- Security Boulevard wrote an article about hacking Graph API using Postman and hackers will never cease searching for new vulnerabilities.

There is no one-size-fits-all solution to this growing problem, however, monitoring API usage - both internal and third-party APIs -  is always a good idea. Strong API security starts with visibility, assessment and monitoring, and bonus points if you enforce strong authentication and authorization.

To learn how FireTail can help with your API security posture, schedule a free demo with us here: https://www.firetail.io/request-a-demo.

Jeremy Snyder

Founder & CEO

Related posts

Google Cloud Security Threat Horizons Report #10
July 23, 2024

Google Cloud Security Threat Horizons Report #10

Google Cloud Security released an updated Threat Horizons report containing information about the top security risks. Here are our notes from the report.

Read more
Life 360 Phone Number Leak
July 19, 2024

Life 360 Phone Number Leak

Location-sharing services, like much of the modern internet, are powered by APIs. Because these APIs handle personally identifiable information such as addresses, phone numbers and more, breaches in these apps can lead to serious safety issues for users everywhere.

Read more
Apache Hugegraph Under Attack
July 19, 2024

Apache Hugegraph Under Attack

With new API threats popping up every day, no one is safe from vulnerability. This is especially dangerous when it comes to large, widely used servers such as Apache HugeGraph.

Read more

This site uses cookies

By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Got it!