720-891-1663

AI, Alerts, Best Practices, Security Practices

How Quickly Are Exposed API Keys Detected by Hackers?

Leave a comment

Inquiring minds want to know, as the expression goes.

The real question is how quickly can you detect and respond to the exploitation of exposed keys? I bet it is a lot longer than it takes the hackers to find them.

Here is what the researchers did.

They did a “candy drop” – dropped keys in various places and waited for the hackers to try and use them.

The keys happened to be for AWS but I suspect that the numbers would be very similar for other platforms.

Here is where they dropped keys to be discovered:

  • Code hosting platforms GitHub and GitLab
  • Code repositories Docker Hub (for containers), npm (for JavaScript packages), PyPI (for Python), Crates.io (for Rust)
  • Repos for hosting and testing code snippets: JSFiddle, Pastebin and GitHub Gists
  • Developer forums like Stack Overflow, Quora, Postman and Reddit

So how long did it take the hackers to find these candy drops?

  • For GitHub and DockerHub – a few minutes
  • For PyPI, Pastebin and Postman – a few hours
  • For GitLab, Crates, GitHub Gists, and others – 1 to 5 days

There are AWS services that you can use (for a fee) that help you identify compromised keys, but even if you pay for and effectively use these services, they hackers almost always get there first. This is the miracle of automation and AI.

This means that companies need a new strategy for dealing with this – to shrink the attack surface.

Need help with this? Contact us.

Credit: Helpnet Security

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2024 CyberCecurity, All rights reserved. Privacy Policy