Akamai Research Finds 29% of Web Attacks Target APIs

NewsWebTechAkamai Research Finds 29% of Web Attacks Target APIs

Commerce is the most targeted sector with 44% of API attacks

CAMBRIDGE, Mass., March 19, 2024 — Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today released a new State of the Internet (SOTI) report. Lurking in the Shadows: Attack Trends Shine Light on API Threats highlights the array of attacks that are targeting APIs and finds that 29% of overall web attacks targeted APIs from January through December 2023. Commerce is the most attacked vertical with 44% of API attacks, followed by business services at nearly 32%.

APIs are vital to most organizations because they improve both employee and customer experiences. Unfortunately, cybercriminals have leveraged this digital innovation and the rapid expansion of the API economy to create new opportunities for exploitation. The new SOTI notes that these attacks will continue to spike as the demand for API use increases, and urges organizations to properly account for and secure their APIs.

This latest research analyzes some of the most common problem areas with regard to both posture and runtime challenges. It offers several case studies that underscore the real-world implications of API security for organizations and features breakout reports with data for the Europe, Middle East, and Africa (EMEA) region and the Asia-Pacific and Japan (APJ) region.

Other key findings of the report include:

  • Business logic abuse is a critical concern because it is challenging to detect abnormal API activity without establishing a baseline for API behavior. Organizations without solutions to monitor anomalies in their API activity are at risk of runtime attacks like data scraping — a new data breach vector that uses authenticated APIs to slowly scrape data from within.
  • The range of attacks on APIs includes tried-and-true methods like Local File Inclusion (LFI), Structured Query Language injection (SQLi), and Cross-Site Scripting (XSS) to infiltrate their targets.
  • APIs are at the heart of most of today’s digital transformations so it is paramount to understand the industry trends and relevant use cases, such as loyalty fraud, abuse, authorization, and carding attacks.
  • Organizations need to think about compliance requirements and emerging legislation early in their security strategy process to avoid the need to re-architect.

“APIs are increasingly critical to organizations but their security is often not designed into the capability, or the security team is not able to keep up with the rapid deployment of new technology,” said Steve Winterfeld, Advisory CISO of Akamai. “Lurking in the Shadows: Attack Trends Shine Light on API Threats provides insights and visibility to help organizations leverage the best practices to protect customers.”

This year marks the 10th anniversary of Akamai’s State of the Internet (SOTI) reports. The SOTI series provides expert insights on the cloud security and web performance landscapes, based on data gathered from Akamai Connected Cloud.

About Akamai
Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. Akamai Connected Cloud, a massively distributed edge and cloud platform, puts apps and experiences closer to users and keeps threats farther away. Learn more about Akamai’s cloud computing, security, and content delivery solutions at akamai.com and akamai.com/blog.

View original content to download multimedia:https://www.prnewswire.com/news-releases/akamai-research-finds-29-of-web-attacks-target-apis-302092424.html

SOURCE Akamai Technologies, Inc.

Read More: 
10 Best Data Privacy Tools in 2024


    By Submitting the form you agree to our terms and conditions described in our privacy policy. You can unsubscribe here.

    Related News


      By completing and submitting this form, you understand and agree to YourTechDiet processing your acquired contact information. As described in our privacy policy.

      No spam, we promise. You can update your email preference or unsubscribe at any time and we'll never share your details without your permission.