In a modern company, integrations between internal systems and external parties play a crucial part. For example, manufacturers buy materials and components from third parties via integrations, and service businesses place work orders with third parties digitally. Everything is connected. Driven by cost-efficiency and the need for resilience during the pandemic, the level of IT automation and the number of data-sharing APIs have increased significantly.
The pandemic already tested the resilience of IT departments by putting people on sick leave at a pace and scale never seen before. Now, various hybrid attacks on networks are a growing risk. What kind of cyberattacks can we expect against APIs and integration platforms in the current socio-political situation? How vulnerable are your business processes and the iPaaS that connects the systems inside and outside your company?
Types of attack
Distributed denial-of-service attack
Many cyberattacks can affect an iPaaS, distributed denial-of-service (DDoS) attacks among them. In a DDoS attack, the target web page or API is overwhelmed with requests from a network of hijacked devices, and the result is that the API or service is not accessible to its intended users. These attacks don't last forever, recovery is straightforward, and the damage is a temporary outage of the service or API. However, you are screwed if your APIs are directly connected to Systems of Record (SoR) such as ERPs, so that every API request results in an action in the underlying business system. Under a DDoS attack, this architectural and design flaw can shut down your SoRs by overwhelming their internal database. I have never seen this happen with Frends enterprise iPaaS, because its architecture prevents it: the operative units, called Agents, always connect to the core via message queues and use the DDoS protection mechanisms of the underlying cloud.
One obvious but still relevant mistake is to use fixed IP addresses instead of resolvable names. If your API has a fixed IP that all callers use, it is hard to bring it up in another cloud segment to escape a DDoS attack hitting the others.
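To make the design flaw concrete, here is an added simulation (not Frends code) of the two architectures described above: an API that writes synchronously to a System of Record, beside an API that only enqueues into a bounded queue drained by a worker at the SoR's own pace. The SoR model, the capacity numbers and the HTTP status codes are constructed for the illustration.

```python
import queue

# Constructed example: a System of Record (say an ERP database) that can
# absorb only `capacity` writes in one burst before it falls over.
class SystemOfRecords:
    def __init__(self, capacity: int):
        self.capacity = capacity
        self.writes = 0
        self.crashed = False

    def write(self, order: dict) -> None:
        self.writes += 1
        if self.writes > self.capacity:
            self.crashed = True  # the "shut down your SoR" outcome

# Flawed design: the API handler calls the SoR synchronously, so a flood of
# API requests becomes an equally large flood of database writes.
def direct_api(sor: SystemOfRecords, order: dict) -> int:
    sor.write(order)
    return 200

# Decoupled design: the API only enqueues into a bounded queue and sheds load
# (503) when the queue is full; a worker drains the queue at the SoR's pace.
class QueuedApi:
    def __init__(self, sor: SystemOfRecords, max_depth: int):
        self.sor = sor
        self.q: queue.Queue = queue.Queue(maxsize=max_depth)

    def handle(self, order: dict) -> int:
        try:
            self.q.put_nowait(order)
            return 202  # accepted for asynchronous processing
        except queue.Full:
            return 503  # shed load; the SoR never sees this request

    def drain(self, batch: int) -> int:
        """Worker side: hand at most `batch` queued orders to the SoR."""
        done = 0
        while done < batch and not self.q.empty():
            self.sor.write(self.q.get_nowait())
            done += 1
        return done

def simulate_flood(requests: int, sor_capacity: int, queue_depth: int):
    """Return (direct SoR crashed?, queued SoR crashed?, status counts)."""
    direct = SystemOfRecords(sor_capacity)
    for i in range(requests):
        direct_api(direct, {"id": i})
    queued_sor = SystemOfRecords(sor_capacity)
    api = QueuedApi(queued_sor, queue_depth)
    statuses: dict = {}
    for i in range(requests):
        status = api.handle({"id": i})
        statuses[status] = statuses.get(status, 0) + 1
    api.drain(sor_capacity)  # one worker pass, sized to what the SoR can take
    return direct.crashed, queued_sor.crashed, statuses
```

With 1000 flood requests against a SoR that takes 50 writes, the direct design crashes the SoR while the queued design answers 100 requests with 202, sheds 900 with 503 and leaves the SoR healthy.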
However, a more destructive cyberattack than DDoS is a malware attack with an exceptionally destructive payload. Ordinary criminals use ransomware to extort money, but state-backed attacks use malware that aims to shut down functions such as electricity, as we saw at the beginning of the war in Ukraine. This kind of malware, whose sole intention is to shut down or harm a specific function, is typically spread via phishing e-mail, social network spam, remote desktop protocol and drive-by downloads from compromised websites. One individual makes one mistake, and the malware reaches its target network.
Defending against these attacks requires training and, yet again, training of the employees. Therefore, instead of dull lectures, I suggest making security awareness a continuous, gamified process. Tools like Hoxhunt send simulated attack e-mails to employees and reward them when they spot them.
Infrastructure attack - Cutting the cables
The most severe attack is one on the internet's physical infrastructure or, more simply, cutting the cables. This could be interpreted as an act of war, but the limits may well be tested. There are over 1.2 million kilometres of data cable connecting the continents. It is like the veins in a human body: cutting the largest ones will kill you, but you can survive if minor veins are cut. So from a business perspective, it is a matter of which cables are cut and whether that affects you. In most countries, critical infrastructure services such as energy, water and the like are regulated to keep working even when all foreign connections are severed.
In Frends iPaaS, each execution unit, the Agent, keeps running without a connection to the central development and monitoring panel, and Agents can cache their logging messages for long periods. So if your Frends core ceases to exist, you can bring it up elsewhere and configure the Agents to connect to the new instance. The same applies to the Agents themselves: you can always bring up new ones in a working network segment and point them at the work to be continued.
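The store-and-forward behaviour described above, as an added, self-contained model that is not Frends code: an execution unit keeps accepting log messages while its core is unreachable, buffers them in order, and replays them once it is re-pointed at a core brought up elsewhere. The hostnames, the `FakeCore` transport and the buffer size are constructed assumptions for the illustration.

```python
from collections import deque

# Constructed example: an execution unit that keeps logging while the core
# is unreachable and replays the backlog when a core is reachable again.
class Agent:
    def __init__(self, core_host, send, max_buffer=10_000):
        self.core_host = core_host     # resolvable name, never a fixed IP
        self._send = send              # send(host, msg) -> True on success
        self.buffer = deque(maxlen=max_buffer)
        self.dropped = 0               # counts entries evicted on overflow

    def log(self, message: str) -> bool:
        """Deliver now, or keep the message in order for a later replay."""
        if not self.buffer and self._send(self.core_host, message):
            return True
        if len(self.buffer) == self.buffer.maxlen:
            self.dropped += 1          # deque(maxlen) drops the oldest entry
        self.buffer.append(message)
        return False

    def flush(self) -> int:
        """Replay buffered messages oldest-first; stop at the first failure."""
        sent = 0
        while self.buffer and self._send(self.core_host, self.buffer[0]):
            self.buffer.popleft()
            sent += 1
        return sent

    def repoint(self, new_core_host: str) -> int:
        """The core was lost: connect to one brought up elsewhere and replay."""
        self.core_host = new_core_host
        return self.flush()

class FakeCore:
    """Constructed transport: only the host currently 'alive' accepts data."""
    def __init__(self, alive_host):
        self.alive_host = alive_host
        self.received = []

    def send(self, host, message) -> bool:
        if host != self.alive_host:
            return False
        self.received.append(message)
        return True

def outage_scenario():
    core = FakeCore("core.primary.example")        # placeholder hostnames
    agent = Agent("core.primary.example", core.send)
    agent.log("run 1 ok")
    core.alive_host = None                         # primary core disappears
    for i in range(2, 5):
        agent.log(f"run {i} ok")                   # buffered locally, not lost
    core.alive_host = "core.recovery.example"      # core rebuilt elsewhere
    replayed = agent.repoint("core.recovery.example")
    return replayed, core.received, len(agent.buffer)
```

The bounded buffer is the caveat worth checking in any real deployment: if the outage outlasts the buffer, the oldest messages are dropped, and `dropped` tells you how many.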
- Ensure your iPaaS infrastructure is protected from DDoS attacks, both in the cloud and on-premises. For example, Frends iPaaS in Azure relies on Azure's DDoS protection mechanisms, message queues and DevSecOps development. Make sure you don't use fixed IP addresses or direct connections between APIs and local services. Security becomes pervasive when it is applied throughout the development process, as in the DevSecOps approach.
- Train your employees. Use gamification and continuous training tools like Hoxhunt.
- Ensure that your integration architecture allows any part of the integration platform, including the core, to be brought up in another cloud region or at another cloud provider. For example, Frends customers can bring up the Frends core even on-premises. Frends offers integration architecture services, and a good architecture plan may include recovery from cable cutting, among other threats.
Do you want to learn more about Frends? The fastest way is to book a demo meeting.