API attacks are both underdetected and underreported

2021-10-28 04:30

Often, API security is relegated to an afterthought in the rush to bring them to market, with many organizations relying on traditional network security solutions that are not designed to protect the wide attack surface that APIs can introduce.

"From broken authentication and injection flaws, to simple misconfigurations, there are numerous API security concerns for anyone building an internet-connected application," said Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report.

"API attacks are both underdetected and underreported when detected. While DDoS attacks and ransomware are both major issues, attacks on APIs don't receive the same level of attention, in large part because criminals use APIs in ways that lack the splash of a well executed ransomware attack, but that doesn't mean they should be ignored."

Spikes in attack traffic point to continued API vulnerabilities.

Also detailed in the report, 18 months of attack traffic between January 2020 and June 2021 have been reviewed, finding more than 11 billion total attempted attacks.

Credential stuffing attacks tracked across the 18 months between January 2020 and June 2021 remained steady, with single day peaks of over 1 billion attacks recorded in January 2021 and May 2021.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/phLggIsSy7Q/

#API #attack