ET-The-Economics-Times

India faces 3000% surge in API cyber attacks: report

Appsec Report 2024 Business

India saw a 3000% increase in cyber attacks on application programming interfaces (API) in the July-September quarter, according to a new report.API-focused distributed denial of service (DDoS) attacks were 85% more frequent than those on websites, highlighting the heightened risk landscape for organisations relying heavily on API gateways, cybersecurity company IndusFace said in a quarterly study.

There were 1.2 billion attacks detected during the quarter, including 271 million API attacks.

An API is a set of rules that allow software applications to communicate and interact with each other.

About 377 million DDoS incidents and 215 million bot attacks were detected. This marked a 145% year-over-year increase in bot activity, with DDoS attacks affecting 60% of websites and bot-driven threats impacting 90%, the report said.

“Attackers have traditionally targeted industries using various methods like DDoS attacks and bots. However, we’re now witnessing an evolution in their tactics, with a focus on exploiting websites and APIs using diverse attack vectors,” said Ashish Tandon, founder and CEO of Indusface.

Tandon added that the rise of large language models has significantly lowered the barrier for executing vulnerability attacks, and the study found triple-digit growth in such incidents.

“Alarmingly, over 30% of critical and high-severity CVSS (common vulnerability scoring system) vulnerabilities remain unpatched even six months after discovery,” he said.

Small and medium-sized businesses (SMBs) suffered a 175% higher rate of DDoS attacks per site compared to their larger counterparts, the report said, attributing this to budget constraints.

SMBs saw 354 million cyber attacks during the quarter.

The report also highlighted that the banking, financial services, and insurance (BFSI) sector faced double the industry average in bot attacks, with financial data increasingly targeted for theft and fraud.

Further, every healthcare site experienced bot attacks, exposing significant risks of credential abuse and data theft.

In retail and ecommerce, bot-driven attacks led to a 50% higher rate of vulnerability exploitation compared to DDoS attacks, indicating a broad spectrum of cyber threats, the study found.

Meanwhile, the frequency of attacks in the power and energy sector quadrupled. This was attributed to attackers exploiting lesser-regulated sectors for ransom-focused intrusions.

Read More…

Indusface
Indusface

Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 5000+ global customers using its award-winning fully managed platform that integrates web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine.

Join 47000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.