Leading the Charge in Preventing API Threats

Our mission is to help our customers and the security industry understand the Tactics, Techniques and Procedures (TTPs) utilized by cybercriminals to attack your public facing APIs and web applications. These attacks target coding errors that expose vulnerabilities and the underlying business logic resulting in fraud, data loss, and business disruption.

protected api

Four Pillars of Detection

 

 

Credentials

Credentials

An essential for automated business logic abuse such as account takeovers and fake account creation, cybercriminals need either legitimate and compromised, or fake credentials to carry out these attacks. The credentials research focuses on where the credentials come from, and how they are used in these attacks.

Tools

Tools

The most basic components of these type of attacks, the tools research focuses on the heuristics of the immutable characteristics of the code launching the attack. Increasingly, customized, one-off tools are being replaced by commercially available tools, making it easier to launch common attacks, yet more difficult for novice users to create sophisticated attacks.

Infrastructure

Infrastructure

An essential resource that bad actors need to anonymize themselves and distribute/randomize their attack with the end goal of appearing to initiate “legitimate” application transactions. By correlating data across a wide range of customers with a variety of attack types, our research will expose any distinct infrastructure usage patterns.

Behavior

Behavior

The heart of automated bot attacks, behavior represents the unique fingerprint of a cybercriminal that is using tools, infrastructure and credentials to launch the attack. Much of our research into “bot behavior” actually deals with the human element of automated bot attacks and how the cybercriminal  responds to mitigation, friction or any kind of defensive action.

Recent Threat Research

Gain valuable insight into how automated attacks operate and how you can prevent them.

Threat Advisory: New Log4j Exploit Demonstrates a Hidden Blind Spot in the Global Digital Supply Chain

Threat advisory: New Log4j exploit demonstrates a hidden blind spot in the global digital supply chain | Cequence Security Learn how Log4j has evolved to become LoNg4j and how it exposes the flaws in the digital supply chain.

View Now
Research Reports
API Security Threat Report: Bots and Automated Attacks Explode

A summary of the API attack trends observed during the last year. Attackers were active in their efforts to commit multiple types of fraud, steal sneakers and high value items and commit ATOs at very high volumes.

View Now
Research Reports
APIs: Developer Tool of Choice. #1 Target for Malicious Use.

Today, software is eating the world and APIs ARE TAKING THE BIGGEST BYTE. Modern cars, every mobile app we use, our favorite shopping site, and our finance management all rely on APIs to deliver an engaging user experience. For these same reasons, threat attackers love APIs. So much so that Gartner predicts that by 2022, API attacks will become the most-frequent attack vector, causing data breaches for enterprise web applications.

View Now

Stop ATO in 15 Minutes

Check out this short webinar on preventing ATOs that may lead to financial fraud.

Stop ATO in 15 Minutes