searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus
Help Net Security - Daily information security news with a focus on enterprise security.
  • News
  • Features
  • Expert analysis
  • Videos
  • Reviews
  • Events
  • Reports
  • Whitepapers
  • Industry news
  • Product showcase
  • Newsletters
  • (IN)SECURE Magazine
Help Net Security
Help Net Security
March 17, 2022
Share

Attackers have come to love APIs as much as developers

Cequence Security released a report revealing that both developers and attackers have made the shift to APIs. Of the 21.1 billion transactions analyzed in the last half of 2021, 14 billion (70 percent) were API transactions.

attackers APIs

After analyzing some of the most interesting bot attacks throughout 2021, it’s clear that attackers have come to love APIs just as much as developers.

“Name one department in your company that does not use APIs. APIs are absolutely critical to business operations across sectors from healthcare to retail to banking,” said Larry Link, President and CEO of Cequence Security.

“The bottom line is that enterprises will remain at a high risk of losing valuable data, customer loyalty and revenue until they invest adequate resources into securing their APIs. Attackers aren’t slowing down any time soon, and it’s time businesses match that rate of innovation.”

Notable attacks can be categorized into three key trends.

Attack trend one: Fraud comes in many forms

Gift card fraud, loan fraud and payment fraud

In late July, Cequence saw retail customers get hit with a 2800% increase in ATOs averaging 700K attacks per day with the end goal of committing multiple forms of gift card fraud in the form of “scrape for resale” or “steal to then purchase” goods.

When investigating a loan application fraud attack, attackers were seen using the sub accounts feature on public email domains such as Gmail to create 3,000 email addresses which were then used to submit multiple loan applications distributed across multiple IP addresses. The discovery uncovered roughly 45,000 fraudulent loan applications.

As for payment fraud, researchers uncovered threat actors targeting an API and making regularly spaced payment authorization calls from more than 20,000 phone numbers, all emanating from three zip codes and representing 5.1 percent of the overall payment traffic. The CQ Prime threat research team analyzed the circumstances and shut down the attack before payment fraud was successful.

Attack trend two: Shopping bots get more sophisticated

Enter Bots-as-a-Service (BaaS)

Bots-as-a-service (BaaS) allows anyone to buy, rent and subscribe to a network of malicious bots and use it to acquire high-demand items. Cequence retail customers often perform short duration hype sales, which typically generate approximately 3M transactions over the typical product launch lasting a few hours. Bots drove the traffic to 36M (1200%) to 129M (4300%) above normal with up to 86 percent of the transactions being malicious.

Attack trend three: The account takeover cat-and-mouse game

The CQ Prime Threat Research Team helped a retail customer fend off a series of attacks over a three-month period that typified the extent to which attackers will modify their efforts in order to achieve success. Attack patterns went from massive in nature, with malicious ATOs making up 80% of the login traffic to the polar opposite patter of low, slow and perfectly formed transactions.




More about
  • account hijacking
  • API security
  • bot
  • Cequence Security
  • cyberattack
  • fraud
  • report
Share this

Featured news

  • Hijacking of popular ctx and phpass packages reveals open source security gaps
  • Sigstore: Signature verification for protection against supply chain attacks
  • Review: Hornetsecurity 365 Total Protection Enterprise Backup
Easily migrate to the cloud with CIS Hardened Images

What's new

New infosec products of the week: May 27, 2022

What is keeping automotive software developers up at night?

How to eliminate the weak link in public cloud-based multi-party computation

80% of consumers prefer ID verification when selecting online brands

Don't miss

How to eliminate the weak link in public cloud-based multi-party computation

GM, Zola customer accounts compromised through credential stuffing

Hijacking of popular ctx and phpass packages reveals open source security gaps

Sigstore: Signature verification for protection against supply chain attacks

Why are current cybersecurity incident response efforts failing?

Help Net Security - Daily information security news with a focus on enterprise security.
Follow us
  • Features
  • News
  • Expert Analysis
  • Reviews
  • Events
  • Reports
  • Whitepapers
  • Industry news
  • Newsletters
  • Product showcase
  • Twitter

In case you’ve missed it

  • Data centers on steel wheels: Can we trust the safety of the railway infrastructure?
  • Good end user passwords begin with a well-enforced password policy
  • Keep your digital banking safe: Tips for consumers and banks
  • Is cybersecurity talent shortage a myth?

(IN)SECURE Magazine ISSUE 71 (March 2022)

  • Why security strategies need a new perspective
  • The evolution of security analytics
  • Open-source code: How to stay secure while moving fast
Read online
© Copyright 1998-2022 by Help Net Security
Read our privacy policy | About us | Advertise