Researchers at Salt Security’s Salt Labs have discovered a vulnerability in the API (application programming interface) of a large financial technology platform that has already been integrated into numerous banking systems. According to the company’s researchers, the vulnerability has likely already helped scammers defraud millions of users by granting access to their money. According to the recently published report, the vulnerability is a server-side request forgery (SSRF) flaw in a web page that supports the fund transfer functionality.
The company’s actual name has not been disclosed, but the media and the Salt Security report have dubbed it “Acme Fintech.” It is a fintech company that offers digital transformation services to traditional, well-established banks and helps their banking services go digital. The company’s platform has already been integrated into the systems of multiple well-known banks, which means that millions of people have been using a financial platform with a fatal flaw. Some users might already have fallen victim to a digital scam made possible through this SSRF flaw.
The report does not specify how much money was lost due to this flaw. It might be challenging to pin down, but the fact that so many traditional banks were using a platform so vulnerable to outside attacks should be concerning enough on its own. If it weren’t for the researchers at Salt Labs, the flaw might have led to even bigger losses. The report also highlights the risk of stolen banking details and other personal data.
How Salt Security discovered the flaw
Salt Labs researchers discovered the vulnerability while capturing and analysing traffic to the company’s website. They spotted the flaw in the request parameters that carry the data required for a funds transfer, specifically the “InstitutionURL” parameter. Once the vulnerability was detected, the researchers immediately notified the appropriate parties and provided recommendations for mitigating the threat as soon as possible.
Salt Labs demonstrated the scope of the flaw by crafting a malformed request that contained the company’s domain, which exposed the SSRF fault within the platform. They showed that the server blindly trusted whatever domain it was given and issued requests to that URL without any further checks.
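The pattern described above, as an added illustration that is not taken from the Salt Labs report or from the platform’s own code: a transfer handler that fetches whatever arrives in the InstitutionURL parameter, beside a hardened version that validates the destination against an allowlist of institution hosts before any outbound request is made. The function names, the allowlist entries and the injected `fetch` callable are assumptions for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the only institution hosts the platform should ever call.
ALLOWED_INSTITUTION_HOSTS = {"api.examplebank.test", "transfer.partnerbank.test"}

class SSRFRejected(Exception):
    """Raised when an InstitutionURL fails validation; no request is issued."""

def vulnerable_transfer(params, fetch):
    # Trusts the parameter verbatim, so the server fetches any URL the caller names.
    return fetch(params["InstitutionURL"])

def validate_institution_url(raw_url):
    parts = urlsplit(raw_url)
    if parts.scheme != "https":
        raise SSRFRejected("scheme not allowed: %r" % parts.scheme)
    if parts.username or parts.password:
        raise SSRFRejected("credentials embedded in URL")
    host = parts.hostname
    if not host:
        raise SSRFRejected("missing host")
    try:
        ipaddress.ip_address(host)
        is_ip_literal = True
    except ValueError:
        is_ip_literal = False
    if is_ip_literal:  # literals bypass the allowlist and reach loopback or internal ranges
        raise SSRFRejected("IP literal not allowed: %r" % host)
    if host.lower().rstrip(".") not in ALLOWED_INSTITUTION_HOSTS:
        raise SSRFRejected("host not on institution allowlist: %r" % host)
    try:
        port = parts.port
    except ValueError:
        raise SSRFRejected("malformed port")
    if port not in (None, 443):
        raise SSRFRejected("port not allowed: %r" % port)
    return raw_url

def is_allowed_institution_url(raw_url):
    try:
        validate_institution_url(raw_url)
    except SSRFRejected:
        return False
    return True

def hardened_transfer(params, fetch):
    # Validate first; the outbound request only ever goes to an allowlisted institution.
    return fetch(validate_institution_url(params.get("InstitutionURL", "")))
```

The allowlist check covers the parameter itself; the HTTP client behind `fetch` should additionally refuse to follow redirects and should resolve the host to a public address before connecting, since either can reintroduce the same problem after validation.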
As the Salt Labs report notes, API flaws are often overlooked during routine security checks. The researchers say they encounter similar vulnerabilities in other fintech products daily. According to the company’s State of API Security report, 5% of organizations are dealing with API vulnerabilities and have experienced an API security threat during the past year. Also alarming is the jump in malicious API traffic recorded in the first quarter of 2022.
Fintechs seem especially exposed to these flaws, as they rely on APIs to drive interactions between websites, apps, and users. This is why fintech companies are a prime target for hackers looking to exploit API vulnerabilities.
How to stay safe online?
With the rise of malicious API traffic and other online threats, it’s important to stay up to date with the latest cyber security practices. The best way to ensure that you are protected is to use comprehensive security tools that conceal your identity and give you a heads-up every time there is suspicious activity on your accounts.
To retain your anonymity online and protect yourself from malware, you can invest in a good VPN app. When choosing a VPN provider, look for services that keep pace with online safety trends. NordVPN’s social responsibility reports demonstrate its involvement in cyber safety initiatives and its proactive approach to online accessibility and security.
NordVPN not only conceals your IP address but also offers built-in features for increased security. These features include sending alerts whenever you visit a suspicious website or download a file that contains malware. When it comes to online safety, it’s always best to think ahead before you come across a real security threat. Keeping your online identity anonymous and using tools that alert you to suspicious activity will go a long way towards ensuring your safety online.