Business
Akamai Research Finds 137 Percent Increase in Application and API Attacks
New Report Focuses on Emerging Threats Such as BOLA and SSTI CAMBRIDGE, Mass., April 18, 2023 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the
About this update from Akamai Technologies, Inc.
[{"type":"text","content":"New Report Focuses on Emerging Threats Such as BOLA and SSTI\nCAMBRIDGE, Mass., April 18, 2023 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today released a new State of the Internet (SOTI) report that focuses on the increasing proliferation of application and API attacks. Titled, Slipping through the Security Gaps: The Rise of Application and API Attacks, the report finds that such attacks are growing in both frequency and complexity as adversaries look for more innovative ways to exploit this growing attack surface.\n\n \n \n \n \n \n \n\n \nLast year was another record-breaking year for application and API attacks as they grew by 137 percent. This is a major concern since organizations are adopting more web applications and APIs to enhance their business and increase ease of use for customers. The report finds that Local File Inclusion (LFI) remains the top attack vector with year-over-year growth of 193 percent.\nThe new Akamai research also provides details on several emerging attack vectors such as Server-Side Template Injections (SSTI). With this technique, attackers abuse notable vulnerabilities such as Log4Shell, Spring4Shell and the Atlassian confluence vulnerability. SSTI poses serious business risks as attacks can lead to remote code execution and data exfiltration. Server-Side Request Forgery (SSRF) attacks are another up-and-coming attack vector that poses a substantial threat to organizations. Akamai observes a daily average of 14 million SSRF attempts against our customers' web applications and APIs.\nIn addition, Security Gaps: The Rise of Application and API Attacks spotlights Broken Object Level Authorization (BOLA). The top concern in the API threat landscape according to the OWASP API Top 10, BOLA is a simple, yet high risk attack that enables access to the information of other users. The report offers guidance and best practices around mitigating this growing vulnerability.\nOther main findings of the report include:\nAttacks on the healthcare industry grew by 82 percent. The adoption of the Internet of Medical Things (IoMT) in the healthcare sector expands the attack surface of this vertical and could lead to increased vulnerabilities.Median attacks on the manufacturing sector grew by 76 percent due to the proliferation of Internet of Thi...