Financial services orgs face a growing onslaught of API endpoint attacks

Cybercriminals are increasingly targeting API endpoints, new research suggests

The last two years have witnessed a dramatic shift in the number of cybercriminals targeting API endpoints in an effort to bypass security controls.

Researchers who put together Akamai’s latest ‘State of the Internet’ report (PDF) reported more than 85 billion credential abuse attacks from December 2017 to November 2019.

A significant proportion (nearly 20%) of these attacks were against hostnames clearly identified as API endpoints, with Akamai noting a dramatic upturn in attacks targeting financial services organizations.

Mixed bag

APIs, in the context of the web, are interfaces designed for machines rather than humans. Cybercriminals are increasingly targeting these endpoints (rather than the more familiar points of entry, such as customer login portals) in an effort to bypass tighter security controls.

According to Akamai, APIs are now being used as a weapon of choice against the financial services industry, with almost 474 million attacks targeting financial organizations during the two-year reporting period. However, attacks against the sector were far from exclusively API-focused.

For example, Akamai recorded the single largest credential stuffing attack it had ever detected against the financial services sector, consisting of more than 55 million malicious login attempts. This attack was a mix of API targeting and other methodologies.

The financial services industry is being subject to more API endpoint attacks
Malicious login attempts against API endpoints has risen sharply among financial services targets

Last August, in a separate incident, criminals targeted APIs directly in a campaign that consisted of more than 19 million credential abuse attacks against an unnamed victim organization.

Aside from this growing type of malfeasance, Akamai discovered that the largest threat facing financial service firms in the UK and Europe comes in the form of account lock-outs and denial-of-service (DoS) attacks.

The problem is a side effect of the cat-and-mouse game between defenders working in the banking industry and cybercriminals – the latest phase of which has witnessed hackers trying to get around stronger authentication processes.

Back to basics

More generally, SQL Injection accounted for more than 72% of all attacks across all industries over the two-year period covered by the Akamai report.

That rate is halved to 36% when looking at financial services attacks alone. The top attack type against the financial services sector was Local File Inclusion (LFI), with 47% of observed traffic.

LFI attacks exploit various scripts running on servers in an attempt to force sensitive information disclosure.

Cross-site scripting (XSS) was the third-most common type of attack against financial services organizations, with a recorded 50.7 million attacks, or 7.7% of the observed attack traffic.

Akamai’s study also showed that miscreants are continuing to deploy distributed denial-of-service (DDoS) attacks with financial services organizations among the top targets.

The industry ranked third in attack volume, with gaming and high tech being the most common targets.

YOU MIGHT ALSO LIKE Offensive hacking tool maintains API security