APIs, a technology that underpins today's most used sites and apps, are being leveraged by businesses more than ever-ultimately opening the door to more online threats than seen before, according to Cloudflare.
APIs power the digital world-our phones, smartwatches, banking systems and shopping sites all rely on APIs to communicate.
They can help ecommerce sites accept payments, enable healthcare systems to securely share patient data, and even give taxis and public transportation access to real-time traffic data.
Nearly every business today now uses them to build and provide better sites, apps and services to consumers.
If unmanaged or unsecured, APIs present a goldmine for threat actors to exfiltrate potentially sensitive information.
The seamless integrations that APIs allow for have driven organizations across industries to increasingly leverage them - some more quickly than others.
The IoT, rail, bus and taxi, legal services, multimedia and games, and logistics and supply chain industries saw the highest share of API traffic in 2023.
APIs dominate dynamic Internet traffic around the globe, with each region that Cloudflare protects seeing an increase in usage over the past year.
The top regions that explosively adopted APIs and witnessed the highest traffic share in 2023 were Africa and Asia.
As with any popular business critical function that houses sensitive data, threat actors attempt to exploit any means necessary to gain access.
The rise in popularity of APIs has also caused a rise in attack volume, with HTTP Anomaly, Injection attacks and file inclusion being the top three most commonly used attack types mitigated by Cloudflare.
Shadow APIs provide a defenseless path for threat actors.
Organizations struggle to protect what they cannot see.
Nearly 31% more API REST endpoints were discovered through machine learning versus customer-provided identifiers - e.g., organizations lack a full inventory of their APIs.
Regardless if an organization has full visibility of all their APIs, DDoS mitigation solutions can help block potential threats.
33% of all mitigations applied to API threats were blocked by DDoS protections already in place.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Thu, 11 Jan 2024 04:43:04 +0000