"Shadow APIs Hit With 5 Billion Malicious Requests"

Cequence Security published its "API Protection Report: Shadow APIs and API Abuse Explode" for the first half of 2022. Approximately 5 billion (31 percent) malicious transactions targeted unknown, unmanaged, and unprotected Application Programming Interfaces (APIs), also known as shadow APIs, making this the top threat facing the industry. The report is based on an examination of more than 20 billion API transactions observed during the first half of 2022, and it aims to highlight the top API threats facing organizations today. Attacks on shadow APIs surged in April 2022, driven by high-volume content scraping as a precursor to shopping bot and gift card attacks, and have continued to rise in volume throughout the year.

The second-largest API security threat mitigated during the first half of 2022 was API abuse, in which attackers targeted properly coded and inventoried APIs. This finding emphasizes the need to use industry-standard lists such as those from the Open Web Application Security Project (OWASP) as a starting point. Based on 100 million attacks, the combined use of API2 (Broken User Authentication), API3 (Excessive Data Exposure), and API9 (Improper Assets Management) indicates that attackers are performing detailed analysis of how each API works, how the APIs interact with each other, and the expected outcome. Therefore, developers must remain vigilant in adhering to API coding best practices. This article continues to discuss key findings from Cequence Security's "API Protection Report: Shadow APIs and API Abuse Explode" for the first half of 2022.

Help Net Security reports "Shadow APIs Hit With 5 Billion Malicious Requests"

Submitted by Anonymous on