APIs: The Next Frontier in Cyber-Crime

June 11, 2020
This year is turning out to be the year that kicks every company’s digital transformation into high gear in order to support work-from-home and shelter-in-place restrictions. With such a quick shift to and expansion of API-based architectures, it’s important to note the security vulnerabilities and expanded attack surface that are now interesting targets for bad actors.

A recent analysis of our clients showed that across all industries – social media and entertainment, retail, dating, and financial services – attackers deploy various methods to abuse business logic or abuse APIs. Universally, they all experienced some form of an account takeover or fake account creation attack. And all but financial services were also hit with hard-to-stop content scraping attacks.

467M API Transactions Protected Daily

But why are APIs such a common attack surface now?

Well, pretty much all the reasons developers love APIs are what make hackers love them too. They are flexible, easy to use, and play nice with automation. So, armed with stolen credentials, bad actors can leverage a variety of tools to enumerate and discover your APIs and identify vulnerabilities that either give them access to accounts that can be taken over or let them assume roles that give them more access to data or systems.

To learn more about the various types of attacks, you should watch our recent webinar, APIs: The Next Frontier in Cybercrime. Our CTO, Shreyans Mehta, walks through several types of attacks and the consequences that were avoided.

The good news is that with API protections in place, along with the visibility needed to discover, assess, and mitigate API vulnerabilities, you can make your web and mobile applications an unattractive target for bad actors. Although some will be tenacious, the majority will move on to easier targets. And, these days, there are plenty more easy API targets out there.


About the Author

Matt Keil

Director of Product Marketing
