Akamai sees API vulnerabilities as a high-stakes game for businesses and individuals around the world


Akamai’s latest security research examines the global API security landscape; reveals trends in attack traffic 2020-2021

CAMBRIDGE, Mass., October 27, 2021 / PRNewswire / – Akamai Technologies, Inc. (NASDAQ: AKAM), the world’s most trusted solution to power and protect digital experiences, today released new research on the evolving threat landscape for application programming interfaces (APIs), which Gartner says will be the most common online attack vector by 2022. The report, ‘API: the attack surface that connects us all,’ is the latest in Akamai’s State of the Internet / Security Report Series. The new report also features a collaboration between researchers at Akamai and Veracode, including a guest essay written by Chris Ing, director of research at Veracode.


APIs are inherently designed to be quick and easy pipelines between different platforms. While this focus on convenience and user experience makes APIs highly essential for many businesses, it also makes them attractive targets for cybercriminals. Akamai’s report highlights frustrating trends in API vulnerabilities, despite improvements to software development lifecycles (SDLC) and testing tools. Often, API security takes a back seat in the rush to bring them to market, with many organizations relying on traditional network security solutions that are not designed to protect the large attack surface that APIs can introduce.

“From broken authentication and injection flaws to simple misconfigurations, there are many API security issues for anyone building an internet-connected app,” said Steve Ragan, security researcher at Akamai and author of the State of the Internet / Security report. “API attacks are both under-detected and under-reported when detected. While DDoS attacks and ransomware are both major problems, API attacks don’t get the same level of attention, largely because criminals use APIs in ways they don’t. ‘shard of a well – a ransomware attack executed, but that doesn’t mean they should be ignored.”

It’s not always clear where API vulnerabilities reside. For example, APIs are often hidden in mobile apps, which leads to the assumption that they are immune to manipulation. Developers assume that users will only interact with APIs through the mobile user interface (UI), but, as noted in this report, that is not the case.

Chris Ing, Research Director at Veracode, said, “Compare the OWASP Top 10 to the OWASP API Security Top 10. The latter claims to address APIs’ “unique security vulnerabilities and risks”, but take a close look and you’ll still see web vulnerabilities, in a slightly different order, described in slightly different words. To add more fuel to the fire, API calls are easier and faster to automate (by design!) – a double-edged sword that benefits developers as well as attackers.”

Spikes in attack traffic indicate persistent API vulnerabilities

As also detailed in the report, Akamai reviewed 18 months of attack traffic between January 2020 and June 2021, finding more than 11 billion attempted attacks in total. With 6.2 billion recorded attempts, SQL Injection (SQLi) remains at the top of the list of web attack trends, followed by Local File Inclusion (LFI) with 3.3 billion and Cross-Site Scripting (XSS) with 1.019 billion.

Although it is difficult to determine what percentage of the above attacks are pure API attacks, the Open Web Application Security Project (OWASP), a nonprofit foundation that works to improve software security, recently released a Top 10 API Security List, which largely reflected Akamai’s findings.

Additional highlights of the report include:

  • Credential stuffing attacks tracked in the 18 months between January 2020 and June 2021 remained stable, with single-day peaks of over a billion attacks recorded in January 2021 and May 2021.

  • The United States has been the primary target for web application attacks during this observed period, with nearly six times more traffic than England, which placed second.

  • DDoS traffic has remained constant in 2021 so far, with peaks recorded earlier in the first quarter of 2021. In January 2021, Akamai recorded 190 DDoS events in a single day, followed by 183 in March.

Read the Akamai 2021 report “API: The Attack Surface That Connects Us All,” on our State of the Internet page.

For more information, the security community can access and interact with Akamai threat researchers, and learn from the Akamai Intelligent Edge Platform’s insight into the evolving threat landscape, by visiting the Akamai Threat Research Center.

About Akamai
Akamai powers and protects life online. The world’s most innovative companies choose Akamai to secure and deliver their digital experiences, helping billions of people live, work and play every day. With the world’s largest and most trusted edge platform, Akamai keeps applications, code, and experiences closer to users, and threats further away. Learn more about Akamai’s security, content delivery, and edge computing products and services at www.akamai.com, blogs.akamai.com, or follow Akamai Technologies on Twitter and LinkedIn.

Helen Yang
Media relations

Tom Barts
Investor Relations



View original content to download multimedia:https://www.prnewswire.com/news-releases/akamai-finds-api-vulnerabilities-to-be-a-high-stakes-game-for-companies-and-individuals-worldwide-301409125.html

SOURCE Akamai Technologies, Inc.
