Attacks abusing programming APIs grew in excess of 600% in 2021


Safety analysts alert of a sharp increase in API attacks around the past 12 months, with most organizations even now subsequent insufficient methods to tackle the challenge.

Extra exclusively, Salt Safety experiences a expansion of 681% of API attack visitors in 2021, when the overall API website traffic increased by 321%.

These stats underline that as industries undertake API options, assaults towards them are expanding disproportionally.

Diagrams reflecting rise in API use and API attacks
Diagrams reflecting increase in API use and API assaults (Salt Protection)

All data introduced in Salt Security’s report was taken from a study of a various demographic of 250 workers working for businesses of diverse dimensions.

API attacks

API (Application Programming Interface) is a program interface supporting online solutions that rely on connections to trade data.

These connections want to be secured from unauthenticated obtain in any other case, any person would be capable to snatch the articles of the interactions concerning customers and systems.

An API attack abuses API specifications to perform data breaches, DDoS, SQL injection, male-in-the-middle assaults, spread malware, or allow any individual to authenticate as a consumer.

The hazards of these assaults are huge-scale and dire, which is why 62% of respondents in Salt Security’s study have delayed the deployment of apps due to API safety worries.

Taking the wrong method

Salt Security pinpoints the challenge is an above-reliance on pre-generation API stability and a aim on pinpointing security difficulties all through the enhancement stage.

Actuality has shown that most API attacks exploit logic flaws that become obvious only when the programs enter the runtime phase. Having said that, just a quarter of organizations even now employs stability teams at that last stage.

In addition, 34% of providers deficiency any API security method, so they rely entirely on the vendor of the API resolution.

(Salt Protection)

Lastly, the details displays that deploying API gateways or WAFs is not sufficient to detect and stop XSS, SQL, and JSON injection assaults, as these are performed only right after the menace actors have done the important reconnaissance and identified usable stability gaps.

Expanding complication

Most businesses need API updates and a specific element enrichment following the initial employment, which results in an progressively demanding venture to regulate.

Salt Stability reviews that 83% of its study respondents deficiency self-assurance that their inventory and documentation replicate all current API functions.

(Salt Stability)

An additional 43% stories concerns about out-of-date API functions that are no longer actively utilised in their applications but are nevertheless possibly readily available for abuse by risk actors.

(Salt Security)

Stability recommendations

Salt Protection sees signals of a shift in how the industry perceives and handles API protection but warns that we’re not there yet.

The major stability recommendations given in the report are the next:

  • Outline a robust API protection tactic for the overall lifecycle of APIs.
  • Validate present-day API models and existing controls and assess the present amount of danger.
  • Help frictionless API safety across all app environments, including on-premise, cloud, containers, legacy, etcetera.
  • Use cloud knowledge to discover styles of malicious reconnaissance actions and remain 1 phase forward.
  • Lower your reliance on “shift-left” code evaluate methods, and invest far more in runtime protection.