API Security Alert: Attacker Activity Surges By 400% In Half A Year

Rehan Pinjari
Apr 4, 2023


According to Salt Security’s newest State of API Security Report, there has been a 400% jump in unique attackers in the last six months.

Furthermore, approximately 80% of attacks happened via authenticated APIs.

Not surprisingly, nearly half of those surveyed (48%) now say API security is a C-level topic in their company.

According to the report, 94 of the people who responded faced security issues in production APIs in the past year, with 17 percent claiming a data leak as a result of API security problems.

“The quick growth in attacks, together with the data supplied by the people surveyed, shows a growing insight in the C-suite about the need for purpose-built API security to reduce business risk,” says Roey Eliyahu, co-founder and CEO of Salt Security.

“Pushed by APIs, ongoing digital transformation generates new business opportunities and competitive advantages.

So far, the cost of API hacks, such as those recently suffered by T-Mobile, Toyota, and Optus, puts the new services, brand reputation, and company operations at risk.

With threat guys finding new and unexpected ways to attack APIs, companies must take API security very seriously.”

Because of API security problems, more than fifty percent of those polled (59%) said they have had to slow the launch of new apps.

However, only 23% of participants felt their existing safeguards are extremely successful at stopping API attacks.

When asked about the most serious API security problems, 54% of participants said outdated or ‘zombie’ APIs are a big issue, up from 42% in the past period.

(In Salt’s past 5 studies, zombie, or out-of-date, APIs have been the top issue.) Account takeover (ATO) is a top concern for 43 of the people polled, but only 20 percent mention shadow APIs as a critical concern, even though most environments are likely running unknown APIs.

Similarly, just 18% of participants are very confident that their API profiles give sufficient data about their APIs and the PII or sensitive data stored inside.

The complete research can be found on the Salt Security blog.

I hope you find this info useful. Please don’t hesitate to ask if you have any questions or just want further clarification.

I’m always happy to give you extra details or help.
