Lurking in the Shadows: Attack Trends Shine Light on API Threats

Akamai Blog – Steve Winterfeld; Akamai Security Intelligence Group March
Akamai’s latest State of the Internet (SOTI) report, “Lurking in the Shadows: Attack Trends Shine Light on API Threats,” highlights the growing threat to APIs and the need for better visibility and security controls.
The report reveals that 29% of web attacks targeted APIs in 2023, with attackers using traditional methods like LFI, SQLi, and XSS, as well as API-specific techniques.
Key insights:
- APIs are increasingly targeted by cybercriminals, with nearly 30% of web attacks focusing on APIs.
- Organizations face API security challenges, including posture problems (e.g., shadow endpoints, unauthenticated resource access) and runtime problems (e.g., unauthenticated resource access attempts, abnormal JSON properties).
- Visibility, vulnerabilities, and business logic abuse are three general challenges that APIs face, requiring comprehensive security programs.
- Organizations need to focus on API discovery, risk audits, behavioral detection, and threat hunting to enhance visibility and protect their API environment.
- Compliance requirements, such as GDPR and PCI DSS v4.0, are beginning to include APIs, shaping security programs.
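An added example (not from the Akamai report or blog) of how the posture and runtime problems listed above can be surfaced from API traffic records: it compares observed requests to a documented inventory and flags shadow endpoints, unauthenticated requests to protected resources, and unexpected JSON properties. The inventory, routes, log format, and field names are all assumptions constructed for illustration.

```python
import json

# Assumed inventory: documented route -> (auth required?, allowed JSON body properties)
INVENTORY = {
    ("GET", "/v1/orders/{id}"): (True, set()),
    ("POST", "/v1/orders"): (True, {"sku", "qty"}),
    ("GET", "/v1/health"): (False, set()),
}

# Constructed sample traffic records, one JSON object per line (not from the report).
SAMPLE_LOG = """\
{"method":"GET","path":"/v1/orders/1001","auth":true,"status":200,"body":null}
{"method":"GET","path":"/v1/orders/1002","auth":false,"status":401,"body":null}
{"method":"POST","path":"/v1/orders","auth":true,"status":201,"body":{"sku":"A1","qty":2}}
{"method":"POST","path":"/v1/orders","auth":true,"status":201,"body":{"sku":"A1","qty":2,"price":0}}
{"method":"GET","path":"/v1/internal/export","auth":false,"status":200,"body":null}
{"method":"GET","path":"/v1/health","auth":false,"status":200,"body":null}
"""

def match_route(method, path):
    """Return the inventory key whose template matches this request, else None."""
    parts = path.strip("/").split("/")
    for (m, template) in INVENTORY:
        tparts = template.strip("/").split("/")
        if m == method and len(tparts) == len(parts) and all(
                t == p or t.startswith("{") for t, p in zip(tparts, parts)):
            return (m, template)
    return None

def audit(log_text):
    """Return (line number, finding type, detail) tuples for the traffic log."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        rec = json.loads(line)
        route = match_route(rec["method"], rec["path"])
        if route is None:  # observed in traffic but absent from the inventory
            findings.append((n, "shadow_endpoint", rec["path"]))
            continue
        needs_auth, allowed = INVENTORY[route]
        if needs_auth and not rec["auth"]:
            kind = "unauthenticated_access" if rec["status"] < 400 else "unauthenticated_attempt"
            findings.append((n, kind, rec["path"]))
        extra = set(rec["body"] or {}) - allowed  # properties the schema does not define
        if extra:
            findings.append((n, "abnormal_json_property", ",".join(sorted(extra))))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_LOG), sep="\n")
```

A blocked request to a protected route is reported as an attempt, while one that succeeded without credentials is reported as access, which separates the runtime signal from the posture gap.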
To keep APIs safe from attacks, organizations should:
- Evaluate their discovery, investigation, and mitigation capabilities.
- Conduct red team testing to assess security posture and runtime issues.
- Build validation tests as purple team exercises to ensure effective mitigation processes.
- Use the use cases reviewed in the SOTI report as templates for test plans.
The report also includes API attack trends by region (APJ and EMEA) and encourages readers to visit Akamai’s Security Research Hub for more insights and information on the latest threats.
Link: https://www.akamai.com/blog/security/attack-trends-shine-light-on-api-threats