API environments becoming hotspots for exploitation

2024-03-20 04:00

Commerce is the most attacked vertical with 44% of API attacks, followed by business services at nearly 32%. APIs are vital to most organizations because they improve both employee and customer experiences.

Cybercriminals have leveraged this digital innovation and the rapid expansion of the API economy to create new opportunities for exploitation.

Business logic abuse is a critical concern because it is challenging to detect abnormal API activity without establishing a baseline for API behavior.

Organizations without solutions to monitor anomalies in their API activity are at risk of runtime attacks like data scraping - a new data breach vector that uses authenticated APIs to slowly scrape data from within.

Around the world, companies are being fined for the failure to protect PII. A common business problem present in most API environments is a programming error or a configuration mistake that is detected during the discovery phase of maturing their API security program.

Although the majority of these errors are never exploited, the potential damage is apparent to security teams once they gain visibility into the API estate and the traffic running on each API. Too often, applications and business processes involving APIs are initiated and deployed faster than security teams can evaluate their posture.

News URL

https://www.helpnetsecurity.com/2024/03/20/apis-risk-exposure-concern/

#API #exploitation