Salt Labs Details New Form of “Elastic Injection Attack”

Salt Security released new Salt Labs API threat research in which it detailed instances of “Elastic Injection Attacks.” The API security company noted in its “State of API Security Report, Q3 2021” report that this widespread vulnerability results from the “mis-implementation of Elastic Stack, a group of open-source products that use APIs for critical data aggregation, search and analytics capabilities.”

Exploiting the Elastic Stack vulnerability allows users to extract sensitive customer and system data, or create a denial-of-service (DoS) condition that could render a system unavailable. Salt Labs first identified the flaw in a large online business-to-consumer (B2C) platform that provides API-based mobile applications and software as a service to millions of global users.

The researcher noted that API attacks increased by 348 percent over the past six months, in Q3, 2021.

Salt Labs revealed that “nearly every organization using Elastic Stack is affected.” The researcher indicated that the flaw makes users susceptible to injection attacks, whereby the bad actor exfiltrates data to launch a DoS event.

Salt co-Founder and CEO, Roey Eliyahu called the issue “prevalent and potentially dangerous,” noting that the issue “can lead to the exposure of sensitive data.”

According to Salt Security Technical Evangelist, Michael Isbitski, the issue “shows why architecture matters for any API security solution,” as well as why the user needs to “capture substantial context about API usage over time” and “architect application environments correctly.”