Need cloud computing? Get started now

PRESS RELEASE

Akamai Research Finds 29% of Web Attacks Target APIs

Commerce is the most targeted sector with 44% of API attacks

Cambridge, MA USA | March 19, 2024

Share

Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today released a new State of the Internet (SOTI) report. Lurking in the Shadows: Attack Trends Shine Light on API Threats highlights the array of attacks that are targeting APIs and finds that 29% of overall web attacks targeted APIs from January through December 2023. Commerce is the most attacked vertical with 44% of API attacks, followed by business services at nearly 32%.

APIs are vital to most organizations because they improve both employee and customer experiences. Unfortunately, cybercriminals have leveraged this digital innovation and the rapid expansion of the API economy to create new opportunities for exploitation. The new SOTI notes that these attacks will continue to spike as the demand for API use increases, and urges organizations to properly account for and secure their APIs.

This latest research analyzes some of the most common problem areas with regard to both posture and runtime challenges. It offers several case studies that underscore the real-world implications of API security for organizations and features breakout reports with data for the Europe, Middle East, and Africa (EMEA) region and the Asia-Pacific and Japan (APJ) region.

Other key findings of the report include:

● Business logic abuse is a critical concern because it is challenging to detect abnormal API activity without establishing a baseline for API behavior. Organizations without solutions to monitor anomalies in their API activity are at risk of runtime attacks like data scraping — a new data breach vector that uses authenticated APIs to slowly scrape data from within. 

● The range of attacks on APIs includes tried-and-true methods like Local File Inclusion (LFI), Structured Query Language injection (SQLi), and Cross-Site Scripting (XSS) to infiltrate their targets.  

● APIs are at the heart of most of today’s digital transformations so it is paramount to understand the industry trends and relevant use cases, such as loyalty fraud, abuse, authorization, and carding attacks.

● Organizations need to think about compliance requirements and emerging legislation early in their security strategy process to avoid the need to re-architect.

“APIs are increasingly critical to organizations but their security is often not designed into the capability, or the security team is not able to keep up with the rapid deployment of new technology,” said Steve Winterfeld, Advisory CISO of Akamai. “Lurking in the Shadows: Attack Trends Shine Light on API Threats provides insights and visibility to help organizations leverage the best practices to protect customers.”

This year marks the 10th anniversary of Akamai’s State of the Internet (SOTI) reports. The SOTI series provides expert insights on the cloud security and web performance landscapes, based on data gathered from Akamai Connected Cloud. 


About Akamai

Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense-in-depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.com and akamai.com/blog, or follow Akamai Technologies on X and LinkedIn.