Introduction
The rapid discovery and exploitation of newly deployed APIs pose significant security risks. This trend is exacerbated by the increasing adoption of APIs, which often remain unmanaged and inadequately protected [3]. The following description outlines the current state of API security, highlighting the vulnerabilities and attack methods that threaten organizations.
Description
Newly deployed and potentially unprotected APIs are being discovered in as little as 29 seconds, with the longest recorded time being 34 seconds [2], and exploited within one minute of discovery [1] [5] [7]. This rapid identification highlights alarming trends that pose a significant security risk, as many APIs remain unmanaged and inadequately protected [3]. Research indicates that over half (54%) of observed request types were API-specific [7], with a plurality of these APIs accessed via port 80 (19%) [3]. Additional interactions occurred across various other ports [4], including 26657, 443, 8080, and 8443 [2] [3]. The most prevalent attack types identified were CVE exploitation (40%) [2] [3], discovery (34%) [2] [3], and authentication checks (26%) [2] [3], with the endpoint “/status” being the most frequently probed [3].
The growing API attack surface [2] [3], driven by increased API adoption and business growth [2], underscores the urgent need for organizations to enhance their security practices and tools. It is crucial to avoid common names for public and non-authenticated API endpoints; instead, using less common names or random identifiers such as UUIDs or SHA256 hashes is recommended for improved security. The study reveals that APIs have become a more attractive target than traditional web applications [3], accounting for over 54% of total requests [3] [6], while web applications accounted for just over 45% [3].
Threat actors can launch high-volume attacks at a rate of 50 requests per second from 50 different IP addresses [3], requiring minimal cloud infrastructure costing between $50 and $150 per month per IP [3]. By employing batching or single-request techniques [3], attackers could potentially exfiltrate millions of user records in under a minute, making such attacks difficult to detect [3]. The rapidly evolving API attack surface necessitates that organizations adapt their security practices and invest in robust protection and new security tools to effectively enhance API security. Actionable insights and recommendations are essential for organizations deploying APIs to address these alarming trends and improve their defenses.
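One way to detect the distributed pattern described above, given as an added example that is not taken from the cited report. It reads the figure as roughly 50 requests per second in aggregate spread across 50 sources (an assumption), and the thresholds, the log tuple shape, the `/api/v1/users` path and the sample traffic are all constructed for illustration.

```python
from collections import Counter, defaultdict, deque

def find_distributed_bursts(events, window_ms=1000, per_ip_limit=5, aggregate_limit=40):
    """events: (timestamp_ms, source_ip, path) tuples sorted by time.

    Returns {path: (peak_requests_in_window, distinct_sources_at_peak)} for
    endpoints whose combined rate reaches aggregate_limit while every single
    source stays at or below per_ip_limit, i.e. per-IP rate limiting alone
    would never fire.
    """
    recent = defaultdict(deque)    # path -> (ts, ip) entries inside the window
    per_ip = defaultdict(Counter)  # path -> request count per source in window
    alerts = {}
    for ts, ip, path in events:
        q, counts = recent[path], per_ip[path]
        q.append((ts, ip))
        counts[ip] += 1
        # Drop entries that have slid out of the window.
        while q[0][0] <= ts - window_ms:
            _, old_ip = q.popleft()
            counts[old_ip] -= 1
            if counts[old_ip] == 0:
                del counts[old_ip]
        total = len(q)
        if total >= aggregate_limit and max(counts.values()) <= per_ip_limit:
            if total > alerts.get(path, (0, 0))[0]:
                alerts[path] = (total, len(counts))
    return alerts

def sample_events():
    """Constructed traffic: 50 sources x 1 req/s for 3 s, plus /status polling."""
    events = []
    for second in range(3):
        for i in range(50):
            # Hypothetical endpoint and documentation-range addresses.
            events.append((second * 1000 + i * 20, f"198.51.100.{i + 1}", "/api/v1/users"))
        events.append((second * 1000 + 500, "203.0.113.7", "/status"))
    return sorted(events)

if __name__ == "__main__":
    for path, (total, ips) in find_distributed_bursts(sample_events()).items():
        print(f"{path}: {total} req/window from {ips} sources, all under the per-IP limit")
```

A single noisy source is deliberately not reported here, because an ordinary per-IP limiter already covers that case; the function isolates the traffic that such a limiter misses.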
Conclusion
The swift discovery and exploitation of APIs highlight the urgent need for enhanced security measures. Organizations must prioritize the protection of their API infrastructure by adopting advanced security tools and practices. By implementing unique identifiers and avoiding common endpoint names, they can mitigate potential threats. As APIs continue to surpass traditional web applications as an attack target, it is imperative for organizations to stay ahead of evolving attack methods and invest in comprehensive security strategies to safeguard their digital assets.
References
[1] https://www.lelezard.com/en/news-21643844.html
[2] https://betanews.com/2024/12/17/newly-launched-apis-found-by-attackers-in-under-30-seconds/
[3] https://www.infosecurity-magazine.com/news/new-apis-discovered-attackers-29/
[4] https://www.innovationopenlab.com/news-biz/38989/wallarm-releases-worlds-first-api-honeypot-report-highlighting-api-attack-trends.html
[5] https://markets.financialcontent.com/stocks/article/bizwire-2024-12-17-wallarm-releases-worlds-first-api-honeypot-report-highlighting-api-attack-trends
[6] https://www.newsminimalist.com/articles/attackers-can-find-new-apis-in-just-29-seconds-research-shows-4c3073da
[7] https://business.inyoregister.com/inyoregister/article/bizwire-2024-12-17-wallarm-releases-worlds-first-api-honeypot-report-highlighting-api-attack-trends




