Threat actors boost Web APIs to execute cyberattacks

November 17, 2021

New research findings reveal that cyberattacks on Web applications are rising continuously, with most attacks coming through Web application programming interfaces (Web APIs). The researchers do not differentiate between attacks against Web applications and attacks that use Web APIs. However, they believe that the rise in attacks against Web applications comes largely from APIs provided by application servers.

Attacks on Web applications usually come from three top vectors: cross-site scripting, SQL injection, and local file inclusion. These three attack vectors are responsible for about 95% of all Web application attacks executed through Web APIs.

Despite the fast adoption of APIs in developing Web, mobile, and cloud applications, developers usually do not consider the security risks that can lead to cyberattacks.

APIs are intended to support software access and communication. Developers find it easy to deploy APIs and attach them to processes; however, API security must also be addressed.

Nonetheless, security researchers are examining the rise of cyberattacks originating from Web APIs. One study said that about 90% of Web applications are more vulnerable to attacks via exposed APIs than through the user interface. Another study said that overall API traffic increased by over 140% in the first half of 2021, but malicious API traffic increased much faster, by over 350%.

The Open Web Application Security Project (OWASP) previously published a list of the Top 10 API security issues for 2019. The list sets out the vulnerabilities and cybersecurity risks unique to APIs; however, analysts believe that the items on this list closely resemble the Web security mistakes of a couple of decades ago.

A report has also documented Web application attack activity over the last 18 months, with a spike in June 2021 that exceeded 113 million attacks in one day. Furthermore, credential-abuse activity, in which threat actors break into an account using predictable credentials, has also surged, tripling in the past 18 months.

These attacks are most likely performed through an application’s API. 

Survey results also reveal that teams put more weight on APIs working effectively than on ensuring they are protected against potential threats. Software development teams seem to be pushing out code that has vulnerabilities rather than taking the time to patch it.

Analysts advise that vulnerabilities in API code should not be ignored. Testing should also be a priority, and hardcoding passwords and tokens must be avoided.
