1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Hackers abuse API popularity to break into accounts and steal dat

    From TechnologyDaily@1337:1/100 to All on Wed Mar 20 10:45:06 2024
    Hackers abuse API popularity to break into accounts and steal data

    Date:
    Wed, 20 Mar 2024 10:30:09 +0000

    Description:
    API calls take up the majority of internet traffic and hackers are paying attention.

    FULL STORY ======================================================================

    Application Programming Interfaces (API) are one of the pillars of todays blazing fast, interconnected web apps, cloud-based solutions, and internet sites.

    Their popularity also means that they are often shipped out without proper safeguards and contingencies, making them a huge risk factor for the cybersecurity of different organizations.

    Hackers have been paying attention, and are increasingly targeting APIs in their malicious campaigns. Malicious bots everywhere

    These are the conclusions of The State of API Security in 2024, a new report published by cybersecurity researchers at Imperva.

    According to the report, almost three-quarters (71%) of all internet traffic today is done by APIs. Furthermore, the average enterprise had 1.5 billion
    API calls last year.

    Aware of the advantages APIs can give a business, organizations are rushing
    to deliver as many digital services as they can, as fast as they can. An organization has, on average, 613 API endpoints in production these days, the researchers said.

    This also makes them a risk. The good news is that businesses are aware, and many are adopting shift-left frameworks and SDLC processes to safeguard their products. However, in many cases, APIs are moved into production without proper audits, quickly becoming a security risk.

    Hackers, on the other hand, have been paying attention, and are increasingly abusing APIs in their efforts to steal sensitive data from organizations. Among different industries, organizations in financial services and online retail have had most API calls last year, and thus, have also had most API-related attacks.

    Most of the time, hackers would abuse API endpoints in Account Takeover attacks (ATO), the researchers said. Last year, almost half of all ATO
    attacks (45%) were against vulnerable API endpoints. To make matters worse, these attacks are rarely done manually. Instead, countless malicious bots run automated tasks, logging into vulnerable accounts, grabbing sensitive data, and more.

    Via The Hacker News More from TechRadar Pro APIs are becoming a worrying security target - here's what your business can do to stay safe Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hackers-abuse-api-popularity-to-break-i nto-accounts-and-steal-data


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)