Shadow API Usage Surges 900%, Revealing Alarming Lack of API Visibility Among Enterprise

Reports & Predictions

Posted: Wednesday, May 17

KBI.Media
$
Posts
$
BUSINESS
$
Reports & Predictions
$
Shadow API Usage Surges 900%, Revealing Alarming Lack of API Visibility Among Enterprise

i 3 Table of Contents

Shadow API Usage Surges 900%, Revealing Alarming Lack of API Visibility Among Enterprise

From KBI

New Research Highlights APIs are Now a Leading Attack Vector, Posing New and Significant Threats to Organisations

SUNNYVALE, Calif.—May 16, 2023— Cequence Security, the leading provider of Unified API Protection (UAP), today released its second half 2022 report titled, “API Protection Report: Holiday Build-up Shows 550% Jump in Unique Threats.” Developed by the CQ Prime Threat Research Team, the report is based on the analysis of approximately one trillion API transactions spanning various industries over the second half of 2022 and seeks to highlight the latest API threat trends plaguing organisations today.

As compared to other reports based on survey and qualitative data, this threat report covers actual tactics, techniques, and procedures (TTPs) employed by threat actors targeting consumer-facing, business-to-business (B2B), and machine-to-machine APIs. It serves as a critical resource for decision-makers, security professionals, and other stakeholders tasked with safeguarding their organisation.

“API breaches have plagued numerous high-profile organisations in recent months, elevating the need for CISOs to prioritize API protection. Attackers are getting more creative and specific in their tactics, and traditional protection techniques are no longer enough,” said Ameya Talwalkar, CEO and founder of Cequence Security. “As attack automation becomes an increasingly prevalent threat against APIs, it’s critical that organisations have the tools, knowledge and expertise to defend against them in real- time.”

Key findings include:

Shadow APIs Spike 900%, Highlighting a Lack of API Visibility: In the second half of 2022 alone, approximately 45 billion search attempts were made for shadow APIs, marking a 900% increase from the 5 billion attempts made in the first half of 2022.
Holiday Season Sees 550% Increase in Unique Threats: There was a 550% increase in the number of unique TTPs employed by attackers, rising from approximately 2,000 in June to a staggering 11,000 towards the end of 2022.
Attackers Increasingly Combine API and Web Application Security Tactics: From June 2022 to October 2022, attackers favoured traditional application security tactics; however, as the holidays approached, there was a 220% surge in API security tactics.
Attack Surface Sprawl Highlights the Telecom API Protection Challenge: Most re-tool attempts in the telecom industry were entirely new TTPs, which shows that threat tactics utilised are diverse, sophisticated, and persistent.
New OWASP API Threat Category API8 – Lack of Protection from Automated Threats, Validated: The CQ Threat Research Team previously identified the need for API10+ to go beyond the OWASP API Top 10 to include protection against automated attacks. The threat report findings and the addition of API8: – Lack of Protection from Automated Threats in the OWASP API Security Top 10 2023RC confirm the past observations made by Cequence and endorse the inclusion of native bot mitigation capabilities to a robust API security program.

The report clearly demonstrates that the API threat landscape is constantly evolving, and organisations need to be vigilant in protecting their APIs and web applications from automated threats (bots) and vulnerability exploits. Attackers are becoming more sophisticated and API-specific in their tactics, and traditional protection techniques continue to provide ineffective defence.

“Our research is vital in providing organisations with the necessary tools and knowledge to mitigate attacks in real-time,” Talwalkar continued. “By staying ahead of the curve and understanding the latest attack methods and tools, organisations can achieve Unified API Protection and build the awareness and confidence needed to protect their APIs from even the most sophisticated attacks.”

Download the full findings of the report
Read the blog
Register for the webinar on Thursday, June 22, 2023 “API Protection Report: Second Half Findings” at 11 am PST, 11 am BST and 11 am AEST.

About Cequence Security

Cequence Security, the pioneer of Unified API Protection, is the only solution that unifies API discovery, inventory, compliance, dynamic testing with real-time detection and native mitigation to defend against fraud, business logic attacks, exploits and unintended data leakage. Cequence Security secures more than 6 billion API transactions a day and protects more than 2 billion user accounts across our Fortune 500 customers. Learn more at www.cequence.ai.

The Production Team

The KBI Production Team is a staff of specialist technology professionals with a detailed understanding across much of cybersecurity and emerging technology. With many decades of collective industry experience, as well as expertise in marketing & communications, we bring news and analysis of the cybersecurity industry.

Independent Cyber News.

i 3 Table of Contents

Get Your Cyber News Delivered

Similar Posts

Nozomi Labs Report Reveals Surge in OT & IoT Security Threats

Fortinet survey finds 78 per cent of organisations felt prepared for ransomware attacks, yet half still fell victim

9 Out of 10 Organisations in Asia-Pacific Report Digital Trust as ‘Extremely Important’: DigiCert Survey

Sophos Report Reveals 86 Per Cent Of Cybersecurity And IT Professionals In Australia Are Impacted By Burnout And Fatigue

Business News

Tech News

Global News

Our Podcasts

Partner With KBI

Content Production

Business News

Tech News

Global News

KBI.FM - The Cyber Podcast Network

Threats & Reports