searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus
Help Net Security - Daily information security news with a focus on enterprise security.
Help Net Security - Daily information security news with a focus on enterprise security.
  • News
  • Features
  • Expert analysis
  • Videos
  • Reviews
  • Events
  • Whitepapers
  • Industry news
  • Product showcase
  • Newsletters
Help Net Security
Help Net Security
March 17, 2022
Share

Attackers have come to love APIs as much as developers

Cequence Security released a report revealing that both developers and attackers have made the shift to APIs. Of the 21.1 billion transactions analyzed in the last half of 2021, 14 billion (70 percent) were API transactions.

attackers APIs

After analyzing some of the most interesting bot attacks throughout 2021, it’s clear that attackers have come to love APIs just as much as developers.

“Name one department in your company that does not use APIs. APIs are absolutely critical to business operations across sectors from healthcare to retail to banking,” said Larry Link, President and CEO of Cequence Security.

“The bottom line is that enterprises will remain at a high risk of losing valuable data, customer loyalty and revenue until they invest adequate resources into securing their APIs. Attackers aren’t slowing down any time soon, and it’s time businesses match that rate of innovation.”

Notable attacks can be categorized into three key trends.

Attack trend one: Fraud comes in many forms

Gift card fraud, loan fraud and payment fraud

In late July, Cequence saw retail customers get hit with a 2800% increase in ATOs averaging 700K attacks per day with the end goal of committing multiple forms of gift card fraud in the form of “scrape for resale” or “steal to then purchase” goods.

When investigating a loan application fraud attack, attackers were seen using the sub accounts feature on public email domains such as Gmail to create 3,000 email addresses which were then used to submit multiple loan applications distributed across multiple IP addresses. The discovery uncovered roughly 45,000 fraudulent loan applications.

As for payment fraud, researchers uncovered threat actors targeting an API and making regularly spaced payment authorization calls from more than 20,000 phone numbers, all emanating from three zip codes and representing 5.1 percent of the overall payment traffic. The CQ Prime threat research team analyzed the circumstances and shut down the attack before payment fraud was successful.

Attack trend two: Shopping bots get more sophisticated

Enter Bots-as-a-Service (BaaS)

Bots-as-a-service (BaaS) allows anyone to buy, rent and subscribe to a network of malicious bots and use it to acquire high-demand items. Cequence retail customers often perform short duration hype sales, which typically generate approximately 3M transactions over the typical product launch lasting a few hours. Bots drove the traffic to 36M (1200%) to 129M (4300%) above normal with up to 86 percent of the transactions being malicious.

Attack trend three: The account takeover cat-and-mouse game

The CQ Prime Threat Research Team helped a retail customer fend off a series of attacks over a three-month period that typified the extent to which attackers will modify their efforts in order to achieve success. Attack patterns went from massive in nature, with malicious ATOs making up 80% of the login traffic to the polar opposite patter of low, slow and perfectly formed transactions.

More about
  • account hijacking
  • API security
  • bot
  • Cequence Security
  • cyberattack
  • fraud
  • report
Share this

Featured news

  • 3 business application security risks businesses need to prepare for in 2023
  • Researchers release PoC exploit for critical Windows CryptoAPI bug (CVE-2022-34689)
  • Attackers use portable executables of remote management software to great effect
Guide: How virtual CISOs can efficiently extend their services into compliance readiness

Sponsored

eBook: 4 ways to secure passwords, avoid corporate account takeover

Here’s the deal: Uptycs for all of 2023 for $1

2022 Cloud Data Security Report

Don't miss

3 business application security risks businesses need to prepare for in 2023

Researchers release PoC exploit for critical Windows CryptoAPI bug (CVE-2022-34689)

Attackers use portable executables of remote management software to great effect

How businesses can bolster their cybersecurity defenses with open source

ChatGPT is a bigger threat to cybersecurity than most realize

Cybersecurity news
Help Net Security - Daily information security news with a focus on enterprise security.
© Copyright 1998-2023 by Help Net Security
Read our privacy policy | About us | Advertise
Follow us