Akamai Technologies recently released a State of the Internet report [2] [3] [5] [6], highlighting the increasing threat of API attacks on the commerce sector.
Description
The report reveals that commerce is the most targeted sector for API attacks, with 44% of attacks focusing on APIs. In 2023, 29% of web attacks targeted APIs, and almost one-third of suspicious bot requests globally targeted APIs [4], posing risks for credential stuffing attacks and data scraping [4]. Gartner predicts a doubling of API abuse and data breaches by 2024 [7], underscoring the need for enhanced security measures. Business logic abuse is a major concern [1] [4], as abnormal API activity can be challenging to detect without a baseline [4]. Organizations without monitoring solutions are vulnerable to data scraping attacks that exploit authenticated APIs to extract data slowly [4]. Akamai identifies posture and runtime issues as key problems and recommends a comprehensive API security program to mitigate threats [7]. Various attack methods [4], including Local File Inclusion [1] [3] [4] [5], SQL injection [1] [3] [4] [5], and Cross-Site Scripting [1] [3] [4] [5], are used to infiltrate API targets [4]. Compliance with regulations such as GDPR and PCI DSS can bolster API security [7]. Regional differences in attacks show EMEA as the most targeted region [7], with Spain [7], Portugal [7], the Netherlands [7], and Israel being top areas for attacks [7]. As the demand for API use grows, organizations are advised to prioritize proper API security measures and consider compliance requirements and emerging legislation early in their security strategy to avoid the need for re-architecting. Akamai’s Advisory CISO stresses the importance of integrating security into API capabilities and staying abreast of technological advancements to defend against evolving threats. The report offers valuable insights and best practices for organizations to protect their customers [2]. Richard Meeus [6], EMEA Director of Security Technology and Strategy at Akamai [6], underscores the need for commerce organizations to enhance detections and ensure complete visibility into API activity to combat cyber threats [6].
Conclusion
The increasing prevalence of API attacks on the commerce sector underscores the critical need for organizations to prioritize robust API security measures. By implementing comprehensive security programs, adhering to regulations [7], and staying current with technological advancements, businesses can safeguard against evolving threats and protect their customers’ data.
References
[1] https://www.prnewswire.com/news-releases/akamai-research-finds-29-of-web-attacks-target-apis-302092424.html
[2] https://www.darkreading.com/application-security/akamai-research-finds-29-of-web-attacks-target-apis
[3] https://www.ir.akamai.com/news-releases/news-release-details/akamai-research-finds-29-web-attacks-target-apis
[4] https://www.helpnetsecurity.com/2024/03/20/apis-risk-exposure-concern/
[5] https://www.investorsobserver.com/news/qm-pr/7861875026336331
[6] https://internationalsecurityjournal.com/akamai-technologies-api-attacks/
[7] https://www.csoonline.com/article/2066789/a-third-of-web-attacks-targeted-apis-in-2023-threatening-the-expanding-api-economy.html