New research released by Akamai Technologies reveals manufacturing in APAC is the most targeted vertical, facing nearly one out of three (31.2%) of API attacks.
Akamai Technologies has released a new State of The Internet (SOTI) report highlighting APAC manufacturers as at great risk as cybercriminals continue to exploit APIs to conduct attacks.
Lurking in the Shadows: Attack Trends Shine Light on API Threats highlights the array of attacks that are targeting APIs and finds that 15% of overall web attacks in APAC targeted APIs from January through December 2023.
The APAC manufacturing sector is most at risk, having suffered the most API-targeted attacks across industries, attracting nearly one out of three (31.2%) of all web attacks.
Akamai expects attacks to spike as the demand for API use increases, and strongly urges organizations to prioritize properly accounting for and securing their APIs – or risk suffering breaches.
APIs have become highly valuable to manufacturers as they enable the use of Industrial Internet of Things devices to increase efficiency, accelerate production and enable real-time management of factories and inventories.
This digital innovation and the rapid expansion of the API economy have presented cybercriminals with new opportunities for exploitation.
Successful attacks against APAC manufacturers can cause serious repercussions worldwide, given Asia’s crucial role as a global manufacturing hub.
“APIs are increasingly critical to organizations, but they are also challenged with protecting APIs effectively, as security is often not properly baked into the rapid development and deployment processes of newer technologies like APIs,” said Reuben Koh, Security Technology and Strategy Director (APJ), Akamai.
“As manufacturers use more APIs to enable real-time production monitoring, predictive maintenance, and cost optimization, they need to be more aware of the risks they are exposed to.”
Lurking in the Shadows analyzes some of the most common problem areas regarding posture and runtime challenges.
Other key findings in the report include:
- The top sectors suffering the highest percentage of web attacks that targeted APIs were manufacturing at 31.2%, followed by gaming at 25.2%, high tech at 24.4%, video media at 24.0% and commerce at 22.3%.
- The top five regions with the highest percentage of web attacks targeting APIs were South Korea at 47.9%, Indonesia at 39.6%, Hong Kong SAR at 38.7%, Malaysia at 26.4% and Japan at 23.4%. This was followed by India (19.0%), Australia (15.6%), Singapore (5.8%), the Philippines (5.5%) and New Zealand (4.8%).
- In APAC, top attack methods include Local File Inclusion (LFI) at 16.8%, Server-Side Request Forgery (SSRF) at 11.8% and Web Attack Tool (WAT) at 10.4%. Attackers are also favoring the use of newly surfaced vectors, like CMDi at 9.1% – which underscores that adversaries are continuously finding new methods and avenues to exploit targets.
- Business logic abuse is a critical concern as it is challenging to detect abnormal API activity without establishing a baseline for API behavior. APAC organizations without solutions to monitor anomalies in their API activity are at risk of runtime attacks like data scraping – a new data breach vector that uses authenticated APIs to slowly scrape data from within.
- Bot requests are also concerning in APAC- nearly half of the more than two trillion suspicious bot requests were aimed at APIs.
- APIs are at the heart of most digital transformations today, so it is paramount for APAC businesses to understand their industry’s trends and relevant threats, like loyalty fraud, abuse, authorization and carding attacks.
- APAC organizations need to think about compliance requirements and emerging legislation early in their security strategy process to avoid the need to re-architect. Examples include section 6 of the upcoming Payment Card Industry Data Security Standard (PCI DSS) v4.0 on new API standards.
“Companies in APAC must ensure that the APIs they use are properly discovered and documented – and have complete visibility into their purpose and the risks they bring,” said Koh.
“Businesses also need to keep themselves updated on API threats – especially on emerging ones like API business logic abuse – and follow industry guidelines to protect against misconfiguration and vulnerabilities. Our new report provides key insights to help organizations leverage best practices to enhance security, as the use of APIs become more prevalent across all industries.”
Click below to share this article