Attacks Targeting APIs Increased By 400% in Last Six Months

Written by

Attacks targeting application programming interfaces (APIs) have increased 400% in the last six months. The findings come from a new Salt Security report, which also shows that 80% of these attacks happened over authenticated APIs.

The State of API Security Q1 Report 2023, compiled from survey responses of 400 security professionals and API developers, further shows that 94% of respondents have experienced security problems in production APIs over the past year, with 17% having experienced an API-related breach.

Due to the impact of such security issues, nearly half (48%) of respondents said that API security had become a C-level discussion within their organization.

“The rapid increase in attacks, in addition to the data provided by our survey respondents, reflect a growing understanding in the C-suite about the importance of purpose-built API security to reduce business risk,” explained Salt Security CEO, Roey Eliyahu.

According to the executive, API use substantially contributes to businesses’ digital transformation.

“However, the cost of API breaches, such as those experienced recently at T-Mobile, Toyota and Optus, put both new services and brand reputation, in addition to business operations, at risk,” Eliyahu added. 

Read more on the T-Mobile breach here: API Attacker Steals Data on 37 Million T-Mobile Customers

The report identified that API management has also become a significant business issue, with more than half of respondents (59%) saying they had to slow the rollout of new applications because of API security concerns. Only 23% said their existing security approaches were very effective at preventing API attacks.

According to the report, 90% of investigations undertaken by Salt Labs uncovered API security vulnerabilities, and 50% of those discovered should be considered critical.

“With bad actors continuing to find new and unexpected ways to attack APIs, organizations need to get serious about securing these critical assets,” Eliyahu concluded.

More information about API attacks is available in this analysis by PJ Bradley.

What’s hot on Infosecurity Magazine?