BeyondTrust has notified the US Treasury Department that cybercriminals have gained access to API keys used to secure cloud services that provide technical support. Stolen keys allowed cybercriminals to bypass security measures and gain remote access to employee workstations.
BeyondTrust temporarily disabled the service, but no evidence of continued access to the system was found. BeyondTrust also discovered two critical vulnerabilities (CVE-2024-12356, CVSS 9.8 and CVE-2024-12686, CVSS 6.6). One of these vulnerabilities has already been used in a real attack, as evidenced by CISA’s Known Exploited Vulnerabilities (KEV) catalog.
BeyondTrust reported a breach of its systems earlier this month. Attackers used access to API keys to reset passwords and gain control of SaaS accounts. This incident once again highlights the importance of API security controls and sound cybersecurity practices.
The incident highlights the need to improve the cybersecurity of cloud services; organizations should reconsider the use of API keys as the only authentication method and implement a multi-layered security model.