Attackers exploit APIs faster than ever before

2023-03-08 04:30

After combing through 350,000 reports to find 650 API-specific vulnerabilities from 337 different vendors and tracking 115 published exploits impacting these vulnerabilities, the results clearly illustrate that the API threat landscape is becoming more dangerous, according to Wallarm.

In 2022 there was a significant increase in API-related CVEs, growing +78% from H1 to H2. Although growth has stabilized over the past two quarters, the research team expects an increase in 2023.

Since tracking this metric in Q2 2022, the research team has seen a continued decline in the average time between when a CVE is published and when the related exploit POC is published - from 58 days to four days to negative three days.

The average zero-day exploit found in Q4 was released more than two months before the CVE was published.

"It's obvious from recent news about mega breaches involving APIs, such as Optus and T-Mobile, that the API threat landscape is becoming more dangerous," said Ivan Novikov, CEO of Wallarm.

Based on the research, the research team has concluded that API portfolios will be at greater risk in 2023 as organizations struggle to improve API security, both during the development cycle and in production.

News URL

https://www.helpnetsecurity.com/2023/03/08/api-threat-landscape/

#API #exploit