Cyberattacks via API


In the first month of 2024, the frequency of API attacks increased, affecting an average of 1 in 4.6 companies per week, a 20 percent increase compared to January 2023.

This upward trend, observed by Check Point Research in Check Point ThreatCloud AI data, highlights the urgent need for robust API security strategies.

  • Significant increase in attacks: In the first month of 2024, 1 in 4.6 organizations worldwide were affected by web API attacks each week, a 20 percent increase compared to January 2023 that highlights the growing risk associated with API vulnerabilities.
  • Industry-wide impact: Education is the most affected sector, with most sectors reporting a double-digit increase in attacks compared to last year. Meanwhile, cloud-based enterprise networks are seeing a 34 percent increase in attacks compared to the same period last year and are overtaking on-prem organizational networks in the overall impact of API attacks, underscoring the evolving cloud threat landscape.
  • Notable vulnerabilities and incidents: Exploits like the Fortinet authentication bypass and the Ivanti zero-day vulnerabilities had far-reaching impacts, with the latter resulting in unauthorized data access and the spread of crypto-mining malware, demonstrating the importance of protecting APIs from new threats.

The cybersecurity landscape is constantly evolving, with web-based application programming interfaces (APIs) becoming the focus of cyberattackers. APIs that facilitate communication between different software applications provide a broader attack surface than traditional web applications. This is due to the inherent vulnerabilities of web APIs, which can lead to authentication bypass, unauthorized data access, and a range of malicious activities. Despite companies' implementation of security measures, the presence of shadow APIs - those not officially created or secured by the company - poses additional risks, as does the adoption of third-party APIs that may later reveal vulnerabilities and so endanger all companies using them.

Serious API security flaws

The main vulnerabilities identified include serious security flaws in products from Fortinet, Joomla! and ownCloud, which enabled unauthorized access and disclosure of information. Additionally, Ivanti's recent encounter with zero-day vulnerabilities has resulted in significant security breaches, including unauthorized access and the use of crypto-mining malware, demonstrating the sophisticated nature of modern cyber threats.

  • Fortinet Multiple Products Authentication Bypass (CVE-2022-40684) – 9.8 CVSS. This vulnerability, disclosed in October 2022, allows unauthorized users to bypass authentication measures in various Fortinet products. In 2023, an average of 1 in 40 companies worldwide were affected by this vulnerability per week.
  • Joomla! Authentication Bypass (CVE-2023-23752) – 5.3 CVSS. This vulnerability, announced in February 2023, allows unauthorized access to Joomla! websites, potentially compromising user authentication measures. In 2023 (post-announcement), an average of 1 in 42 companies worldwide were affected by this vulnerability per week.
  • ownCloud Graph API Information Disclosure (CVE-2023-49103) – 7.5 CVSS. This vulnerability, announced in November 2023, could potentially expose sensitive information in ownCloud instances. In 2023 (post-disclosure), an average of 1 in 86 companies worldwide were affected by this vulnerability per week.

Thomas Boele, Regional Director Sales Engineering DACH at Check Point Software, explains: “Without APIs, modern applications, especially web and mobile apps, are unthinkable – over 80 percent of internet traffic contains API calls. By using APIs, very complex functions can be outsourced to third parties, including communication, signup, authentication, AI integration and much more, allowing companies to focus on the core functionality of their apps and bring them to market faster. Web Application Firewalls (WAF) are an essential element for implementing security strategies in this context.”

Enterprises rely on hundreds of APIs to support their technologies, but as APIs become more common, they have become a massive attack surface for malicious actors. The number of API attacks has increased significantly over the last year. Vulnerable web APIs are exposed to various threats and data breaches. API security must focus on protecting corporate data rather than protecting individual applications.

More at Checkpoint.com

 


About Check Point

Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry-leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100,000 businesses of all sizes.


 
