Business
Akamai Research Finds 29% of Web Attacks Target APIs
Commerce is the most targeted sector with 44% of API attacks CAMBRIDGE, Mass., March 19, 2024 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the
About this update from Akamai Technologies, Inc.
[{"type":"text","content":"Commerce is the most targeted sector with 44% of API attacks\nCAMBRIDGE, Mass., March 19, 2024 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today released a new State of the Internet (SOTI) report. Lurking in the Shadows: Attack Trends Shine Light on API Threats highlights the array of attacks that are targeting APIs and finds that 29% of overall web attacks targeted APIs from January through December 2023. Commerce is the most attacked vertical with 44% of API attacks, followed by business services at nearly 32%.\n\n \n \n \n \n \n \n\n \nAPIs are vital to most organizations because they improve both employee and customer experiences. Unfortunately, cybercriminals have leveraged this digital innovation and the rapid expansion of the API economy to create new opportunities for exploitation. The new SOTI notes that these attacks will continue to spike as the demand for API use increases, and urges organizations to properly account for and secure their APIs.\nThis latest research analyzes some of the most common problem areas with regard to both posture and runtime challenges. It offers several case studies that underscore the real-world implications of API security for organizations and features breakout reports with data for the Europe, Middle East, and Africa (EMEA) region and the Asia-Pacific and Japan (APJ) region.\nOther key findings of the report include:\nBusiness logic abuse is a critical concern because it is challenging to detect abnormal API activity without establishing a baseline for API behavior. Organizations without solutions to monitor anomalies in their API activity are at risk of runtime attacks like data scraping — a new data breach vector that uses authenticated APIs to slowly scrape data from within.The range of attacks on APIs includes tried-and-true methods like Local File Inclusion (LFI), Structured Query Language injection (SQLi), and Cross-Site Scripting (XSS) to infiltrate their targets.APIs are at the heart of most of today's digital transformations so it is paramount to understand the industry trends and relevant use cases, such as loyalty fraud, abuse, authorization, and carding attacks.Organizations need to think about compliance requirements and emerging legislation early in their security strategy process to avoid the need to re...