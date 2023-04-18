Akamai Research Finds 137 Percent Increase in Application and API Attacks

PR Newswire

CAMBRIDGE, Mass., April 18, 2023

New Report Focuses on Emerging Threats Such as BOLA and SSTI

CAMBRIDGE, Mass., April 18, 2023 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today released a new State of the Internet (SOTI) report that focuses on the increasing proliferation of application and API attacks. Titled Slipping through the Security Gaps: The Rise of Application and API Attacks, the report finds that such attacks are growing in both frequency and complexity as adversaries look for more innovative ways to exploit this growing attack surface.

Last year was another record-breaking year for application and API attacks as they grew by 137 percent. This is a major concern since organizations are adopting more web applications and APIs to enhance their business and increase ease of use for customers. The report finds that Local File Inclusion (LFI) remains the top attack vector with year-over-year growth of 193 percent.

The new Akamai research also provides details on several emerging attack vectors such as Server-Side Template Injections (SSTI). With this technique, attackers abuse notable vulnerabilities such as Log4Shell, Spring4Shell and the Atlassian Confluence vulnerability. SSTI poses serious business risks as attacks can lead to remote code execution and data exfiltration. Server-Side Request Forgery (SSRF) attacks are another up-and-coming attack vector that poses a substantial threat to organizations. Akamai observes a daily average of 14 million SSRF attempts against our customers' web applications and APIs.

In addition, Security Gaps: The Rise of Application and API Attacks spotlights Broken Object Level Authorization (BOLA). The top concern in the API threat landscape according to the OWASP API Top 10, BOLA is a simple yet high-risk attack that enables access to the information of other users. The report offers guidance and best practices around mitigating this growing vulnerability.

Other main findings of the report include:

  • Attacks on the healthcare industry grew by 82 percent. The adoption of the Internet of Medical Things (IoMT) in the healthcare sector expands the attack surface of this vertical and could lead to increased vulnerabilities.
  • Median attacks on the manufacturing sector grew by 76 percent due to the proliferation of Internet of Things (IoT) connections and the massive data collected from equipment in this sector. Successful cyberattacks against operating technologies in this industry enable real-world impacts like supply chain issues.
  • The new proposed OWASP API Top 10 emphasizes the divergence of attack vectors between web applications and APIs.
  • API attacks directed at the business logic of the API are complicated to detect and mitigate and cannot be determined at the individual request level. Pre-existing knowledge is required, such as the specific business logic and the resources accessible by each user.
  • Webshells allow for a simple and effective way to interact with web servers as they are stealthier than regular shells and present an attractive arsenal for attackers. Trending webshells discussed in the report include the China Chopper and Behinder webshells.

"As cybercriminals evaluate who provides the best return on investment based on the level of effort, the value of data or the likelihood of paying extortion, we often see shifts in attack trends," said Rupesh Chokshi, Senior Vice President and General Manager, Application Security at Akamai. "Security Gaps: The Rise of Application and API Attacks offers insight into the attacks that organizations should be most concerned about and provides mitigation strategies for countering these threats such as stopping vectors at the edge, segmentation and patching."

For additional information, the security community can access, engage with, and learn from Akamai's threat researchers by visiting the Akamai Security Hub and following the team on Twitter at @Akamai_Research.

About Akamai

Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. With the world's most distributed compute platform — from cloud to edge — we make it easy for customers to develop and run applications, while we keep experiences closer to users and threats farther away. Learn more about Akamai's security, compute, and delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on Twitter and LinkedIn.

Contacts

Jim Lubinskas
Akamai Media Relations
703.907.9103
[email protected]

View original content to download multimedia: https://www.prnewswire.com/news-releases/akamai-research-finds-137-percent-increase-in-application-and-api-attacks-301799102.html

SOURCE Akamai Technologies, Inc.
