Security

Hackers and APIs: experts worried about the increase in attacks

APIs, that is to say Application Programming Interfaces, are among the most widespread solutions on the internet, with wide use in contexts such as cloud services and websites.

Their number, now very high, also means that some of them are not adequately protected, with consequent risks from an IT security point of view.

Confirming this concern is a new report presented by researchers at Imperva in the context of the event The State of API Security in 2024.

According to data collected by the cyber security company, 71% of all Internet traffic today passes through APIs. More and more companies and platforms rely on these digital services, sometimes without paying much attention to the prevention of cyber attacks.

Taking advantage of this situation, hackers are increasingly abusing APIs. Through them, cybercriminals manage to steal sensitive information, affecting different sectors with a certain frequency and intensity.

Hackers abusing APIs: the phenomenon is worrying

The financial services sector, according to the research, is among the most affected. Online retailers likewise receive a lot of attention from hackers.

The document written by Imperva highlights how, in many cases, hackers abuse API endpoints in Account Takeover (ATO) attacks. Last year, about 45% of ATO attacks affected vulnerable APIs.

It should also be considered that this specific type of cyber attack is often carried out by bots, which perform automated tasks, acting on a large number of endpoints.

Among the most notable cases of cyber attacks related to APIs is the recent theft of authentication cookies that hit the Google Chrome browser. The situation is delicate, but there is also some positive news: companies and organizations are increasingly adopting adequate countermeasures.
