Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Hackers abuse API popularity to break into accounts and steal data

API.

Application Programming Interfaces (API) are one of the pillars of today’s blazing fast, interconnected web apps, cloud-based solutions, and internet sites.

Their popularity also means that they are often shipped out without proper safeguards and contingencies, making them a huge risk factor for the cybersecurity of different organizations.

Hackers have been paying attention, and are increasingly targeting APIs in their malicious campaigns.

Malicious bots everywhere

These are the conclusions of “The State of API Security in 2024”, a new report published by cybersecurity researchers at Imperva.

According to the report, almost three-quarters (71%) of all internet traffic today is done by APIs. Furthermore, the average enterprise had 1.5 billion API calls last year. 

Aware of the advantages APIs can give a business, organizations are rushing to deliver as many digital services as they can, as fast as they can. An organization has, on average, 613 API endpoints in production these days, the researchers said.

This also makes them a risk. The good news is that businesses are aware, and many are adopting shift-left frameworks and SDLC processes to safeguard their products. However, in many cases, APIs are moved into production without proper audits, quickly becoming a security risk. 

Hackers, on the other hand, have been paying attention, and are increasingly abusing APIs in their efforts to steal sensitive data from organizations. Among different industries, organizations in financial services and online retail have had most API calls last year, and thus, have also had most API-related attacks. 

Most of the time, hackers would abuse API endpoints in Account Takeover attacks (ATO), the researchers said. Last year, almost half of all ATO attacks (45%) were against vulnerable API endpoints. To make matters worse, these attacks are rarely done manually. Instead, countless malicious bots run automated tasks, logging into vulnerable accounts, grabbing sensitive data, and more.

Via The Hacker News

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.