Akamai has released a new State of the Internet (SOTI) report dedicated to the increase in attacks on apps and APIs in the EMEA region, concentrated particularly in commerce. Entitled “Exploiting Security Holes: The Growth of Application and API Attacks,” the report reveals that such attacks have grown in both frequency and complexity, and that they are launched by criminals looking for more innovative methods to take advantage of this ever-increasing attack surface. So much so that there have already been a couple of “big bang” attacks in the region under observation.
A worrying phenomenon: attacks in the commerce sector are growing
2022 was a record year for app and API attacks in the commerce sector, which rose by 189% in EMEA. This is a very worrying phenomenon, as organizations are adopting more web applications and APIs to boost their business and improve ease of use for their customers. The report reveals that Local File Inclusion (LFI) remains the top attack vector in this region, up 115% year over year, a value in line with global growth of 193%.
The UK anomaly
An anomalous fact emerges from Akamai's new research: it records a 4% decrease in attacks on applications and APIs in the financial sector in the United Kingdom, the only geographical area to record a decrease in this market. This data further demonstrates that criminals are shifting their focus away from large financial institutions to target consumers directly. In its most recent SOTI report on financial services, Akamai found that more than 80 percent of attacks against financial services targeted customer accounts rather than the organizations themselves.
Big bang attacks
- Attacks against the high-tech sector have increased by 176% in EMEA, while those against social media have grown by 404%.
- While there has been a steady increase in attacks overall, one “big bang” attack against a customer was observed in October 2022. This demonstrates how important it is for businesses to be prepared for record-breaking attacks.
- Attacks in the healthcare sector have increased by 55% globally. The adoption of IoMT (Internet of Medical Things) in this sector expands the attack surface of this market and can lead to an increase in vulnerabilities.
Attacks on apps and APIs are growing
- Attacks targeting the business logic of APIs are complex to detect and mitigate, and cannot be identified from an individual request. Pre-existing knowledge is required, such as the specific business logic and the resources each user can access.
- The new OWASP API Top 10 list highlights the divergence of attack vectors between web applications and APIs.
- Web shells offer a simple and effective way to interact with web servers. They are more insidious than normal shells and offer an arsenal that is attractive to criminals.
Equip yourself to defend customers
Alessandro Livrea, Country Manager of Akamai
Cybercriminals always follow the money. So it’s no surprise that attacks on commerce applications and APIs are on the rise in EMEA. An interesting fact that emerges from the report is the decrease in attacks against the financial sector, which is being countered by an increase in attacks on individual customers. Banks must be alert to scams and take all necessary measures to defend their customers.