APIs are increasingly becoming attractive targets

APIs, a technology that underpins today's most used sites and apps, are being leveraged by businesses more than ever-ultimately opening the door to more online threats than seen before, according to Cloudflare.
APIs power the digital world-our phones, smartwatches, banking systems and shopping sites all rely on APIs to communicate.
They can help ecommerce sites accept payments, enable healthcare systems to securely share patient data, and even give taxis and public transportation access to real-time traffic data.
Nearly every business today now uses them to build and provide better sites, apps and services to consumers.
If unmanaged or unsecured, APIs present a goldmine for threat actors to exfiltrate potentially sensitive information.
The seamless integrations that APIs allow for have driven organizations across industries to increasingly leverage them - some more quickly than others.
The IoT, rail, bus and taxi, legal services, multimedia and games, and logistics and supply chain industries saw the highest share of API traffic in 2023.
APIs dominate dynamic Internet traffic around the globe, with each region that Cloudflare protects seeing an increase in usage over the past year.
The top regions that explosively adopted APIs and witnessed the highest traffic share in 2023 were Africa and Asia.
As with any popular business critical function that houses sensitive data, threat actors attempt to exploit any means necessary to gain access.
The rise in popularity of APIs has also caused a rise in attack volume, with HTTP Anomaly, Injection attacks and file inclusion being the top three most commonly used attack types mitigated by Cloudflare.
Shadow APIs provide a defenseless path for threat actors.
Organizations struggle to protect what they cannot see.
Nearly 31% more API REST endpoints were discovered through machine learning versus customer-provided identifiers - e.g., organizations lack a full inventory of their APIs.
Regardless if an organization has full visibility of all their APIs, DDoS mitigation solutions can help block potential threats.
33% of all mitigations applied to API threats were blocked by DDoS protections already in place.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Thu, 11 Jan 2024 04:43:04 +0000


Cyber News related to APIs are increasingly becoming attractive targets

Zombie APIs: The Scariest Threat Lurking in The Shadows? - Designed to rapidly and seamlessly connect consumers and businesses to vital data and services, APIs power modern enterprises and applications. APIs are constantly in action, working in the background for when consumers finally book that dream ...
9 months ago Cyberdefensemagazine.com
Cybersecurity challenges emerge in the wake of API expansion - As the technological landscape increasingly integrates AI, Cindric anticipates a profound impact on the evolution of APIs, emphasizing the growing importance of API security, authentication, and the challenges posed by zombie endpoints. Your recent ...
10 months ago Helpnetsecurity.com
Unified API Protection - A massive segment of organizations' digital footprint today is built around internal and external APIs. As more IT leaders realize and acknowledge the size of APIs' influence, it's become clear that new methods are needed to secure those APIs. While ...
1 year ago Cequence.ai
APIs are increasingly becoming attractive targets - APIs, a technology that underpins today's most used sites and apps, are being leveraged by businesses more than ever-ultimately opening the door to more online threats than seen before, according to Cloudflare. APIs power the digital world-our ...
9 months ago Helpnetsecurity.com
Beware of OpenAI and ChatGPT-4 Turbo in Financial Services Organizations' Growing API Attack Surface - With every new API integration that OpenAI gets access to, the attack surface of a financial organization grows, creating new opportunities for attackers to exploit vulnerabilities and gain access to sensitive customer and financial data. APIs have ...
8 months ago Cybersecurity-insiders.com
Beware of OpenAI and ChatGPT-4 Turbo in Financial Services Organizations' Growing API Attack Surface - With every new API integration that OpenAI gets access to, the attack surface of a financial organization grows, creating new opportunities for attackers to exploit vulnerabilities and gain access to sensitive customer and financial data. APIs have ...
8 months ago Cybersecurity-insiders.com
Beware of OpenAI and ChatGPT-4 Turbo in Financial Services Organizations' Growing API Attack Surface - With every new API integration that OpenAI gets access to, the attack surface of a financial organization grows, creating new opportunities for attackers to exploit vulnerabilities and gain access to sensitive customer and financial data. APIs have ...
8 months ago Cybersecurity-insiders.com
Beware of OpenAI and ChatGPT-4 Turbo in Financial Services Organizations' Growing API Attack Surface - With every new API integration that OpenAI gets access to, the attack surface of a financial organization grows, creating new opportunities for attackers to exploit vulnerabilities and gain access to sensitive customer and financial data. APIs have ...
8 months ago Cybersecurity-insiders.com
Beware of OpenAI and ChatGPT-4 Turbo in Financial Services Organizations' Growing API Attack Surface - With every new API integration that OpenAI gets access to, the attack surface of a financial organization grows, creating new opportunities for attackers to exploit vulnerabilities and gain access to sensitive customer and financial data. APIs have ...
8 months ago Cybersecurity-insiders.com
Beware of OpenAI and ChatGPT-4 Turbo in Financial Services Organizations' Growing API Attack Surface - With every new API integration that OpenAI gets access to, the attack surface of a financial organization grows, creating new opportunities for attackers to exploit vulnerabilities and gain access to sensitive customer and financial data. APIs have ...
8 months ago Cybersecurity-insiders.com
Beware of OpenAI and ChatGPT-4 Turbo in Financial Services Organizations' Growing API Attack Surface - With every new API integration that OpenAI gets access to, the attack surface of a financial organization grows, creating new opportunities for attackers to exploit vulnerabilities and gain access to sensitive customer and financial data. APIs have ...
8 months ago Cybersecurity-insiders.com
Beware of OpenAI and ChatGPT-4 Turbo in Financial Services Organizations' Growing API Attack Surface - With every new API integration that OpenAI gets access to, the attack surface of a financial organization grows, creating new opportunities for attackers to exploit vulnerabilities and gain access to sensitive customer and financial data. APIs have ...
8 months ago Cybersecurity-insiders.com
Beware of OpenAI and ChatGPT-4 Turbo in Financial Services Organizations' Growing API Attack Surface - With every new API integration that OpenAI gets access to, the attack surface of a financial organization grows, creating new opportunities for attackers to exploit vulnerabilities and gain access to sensitive customer and financial data. APIs have ...
8 months ago Cybersecurity-insiders.com
Beware of OpenAI and ChatGPT-4 Turbo in Financial Services Organizations' Growing API Attack Surface - With every new API integration that OpenAI gets access to, the attack surface of a financial organization grows, creating new opportunities for attackers to exploit vulnerabilities and gain access to sensitive customer and financial data. APIs have ...
8 months ago Cybersecurity-insiders.com
Cloudflare Report Surfaces Lots of API Insecurity - A report published by Cloudflare today finds machine learning algorithms employed by the content delivery network provider found 31% more REST application programming interface endpoints than its customers have self-reported. More than 15,000 ...
9 months ago Securityboulevard.com
10 Ways a Digital Shield Protects Apps and APIs - While far from perfect, this approach provided multilayer security defenses to protect apps and APIs. As network architectures gradually became more complex, so did protecting apps and APIs. The on-premises enterprise environment gave way to a hybrid ...
5 months ago Darkreading.com
API Security in 2024: Navigating New Threats and Trends - As we step into 2024, the landscape of API security is at a critical juncture. The previous year witnessed a significant escalation in API-related breaches, impacting diverse organizations and bringing to light the critical vulnerabilities in API ...
8 months ago Cybersecurity-insiders.com
Salt Security Delivers API Posture Governance Engine - PRESS RELEASE. PALO ALTO, Calif., Jan. 17, 2024 /PRNewswire/ - Salt Security, the leading API security company, today announced multiple advancements in discovery, posture management and AI-based threat protection to the industry leading Salt ...
9 months ago Darkreading.com
Most API security strategies are underdeveloped. Let's unpack that. - Adaptation to Change: Strategies are not static; they evolve over time. Applying these concepts to information security and cyber security in general, we can easily see that having a strategy is a) nothing novel and b) applicable to all. Filter down ...
10 months ago Itsecurityguru.org
API Gateways and API Protection: What’s the Difference? - Security Boulevard - At the security level, API security tools and gateways provide different controls to protect APIs from various threats. API protection – or API security – refers to a comprehensive set of security capabilities designed to protect APIs from a wide ...
1 month ago Securityboulevard.com
The Power and Limitations of AI in Cybersecurity - Today's chief information security officers face new cybersecurity challenges because of the increasing use of artificial intelligence, particularly generative AI. This is not a surprise given the growing use of GenAI in the workplace, with fully ...
9 months ago Feeds.fortinet.com
From Social Engineering to DMARC Abuse: TA427's Art of Information Gathering - Key takeaways  TA427 regularly engages in benign conversation starter campaigns to establish contact with targets for long-term exchanges of information on topics of strategic importance to the North Korean regime. In addition to using specially ...
6 months ago Proofpoint.com
API Roadmaps and Authentication Experiences - In the dynamic landscape of digital product development, APIs have emerged as indispensable tools that not only connect systems but also play a pivotal role in shaping product roadmaps. In this exploration, we will unravel the multifaceted impact of ...
11 months ago Feeds.dzone.com
Companies Must Strengthen Cyber Defense in Face of Shifting Threat Actor Strategies - Critical for organizations to understand attackers' tactics, techniques, and procedures. The 2023 mid-year cyber threat report card portends an ominous outlook with staggering data including the fact that 332 million cryptojacking attacks were ...
10 months ago Cyberdefensemagazine.com
Data Breaches on the Rise: A Deep Dive into the AI-Driven Privacy Crisis - It is becoming increasingly apparent that artificial intelligence has become increasingly widespread in many aspects of our lives as technology continues to advance at an unprecedented rate. It is anticipated that artificial intelligence is going to ...
9 months ago Cysecurity.news

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)