
First Time Ever API Attacks Surpass 50% of All Attacks, Reaching 58.4%

CDNetworks, an APAC-leading network delivering edge as a service, has released its annual State of Web Application and API Protection (WAAP) Report for 2022, which highlights the challenges that WAFs face in providing comprehensive protection against numerous threats. The report also suggests that adopting holistic solutions has been key to protecting an organization’s multi-channel assets and responding to a range of threats.

Surging Trend for All Types of Attacks in Relation to WAAP
Of particular note are the following indicators from the Security Report:

DDoS Attack Peaks and Incident Numbers Hit a New Record High

  • Network-layer DDoS attacks peaked at 2.09 Tbps, with Tbps-level attacks occurring eight times throughout the year, and application-layer DDoS attacks peaked at 34 M QPS.
  • CDNetworks’ security platform monitored and intercepted an average of 439,200 DDoS attack incidents per day, a year-on-year increase of 103.8%.

Web Application Attacks are Surging & WAF Struggles to Cover Diverse Threats

  • 45.127 billion web application attacks were detected and blocked throughout the year, an increase of 96.35% compared to 2021.
  • 87% of web-based businesses encountered two or more threats at the same time, with 65% of web-based businesses encountering three or more simultaneous threats.

API Assets Have Become the Top Target for Malicious Attacks

  • The percentage of attacks against APIs exceeded 50% for the first time in 2022, reaching 58.4%.
  • API requests on CDNetworks’ content delivery network (CDN) cloud platform accounted for 61.3% of the platform’s total requests.

Bot Attacks are Increasing Rapidly

  • The CDNetworks security platform monitored a total of 163,185 million bot attacks throughout 2022, which was 1.93 times higher than in 2021 and 4.55 times higher than in 2020.
  • Only about 60% of the traffic to web applications and APIs actually came from human visitors.

The report also provides detailed analysis of these attack vectors and their associated techniques. For instance, low-frequency application-layer DDoS attacks are discussed in depth, with emphasis on identifying risky IP addresses as the most effective defense against Second-Dialing-IP attacks. CDNetworks also finds that some hackers exploited a 0-day vulnerability before it was publicly acknowledged. Additionally, the report draws attention to several types of API vulnerabilities that attackers can exploit to launch destructive attacks on API businesses.

Apart from these typical attack vectors, CDNetworks’ security expert team also investigated and analyzed online business fraud incidents in this report, revealing that cybercriminals and fraudsters employ highly personalized and automated attack techniques on a large scale, in addition to using various device-emulating tools that falsify information. These techniques contribute significantly to the rise in online fraud risks.

“The landscape of web application and API protection is constantly evolving. Attackers are launching attacks with more prominent targets and a deeper understanding of typical scenarios. And the most concerning aspect is the presence of highly developed illegal chains within industries that are particularly susceptible to attacks, such as e-commerce, travel, transportation, and online gaming,” said Doyle Deng, Head of Global Marketing and Product at CDNetworks. “The State of WAAP report gives companies an opportunity to understand the cybersecurity landscape they are facing and gain a rich perspective to choose the right WAAP provider based on their needs.”

Click here to download the State of Web Application and API Protection Report for 2022 or visit www.cdnetworks.com.

CSA Editorial

Launched in Jan 2018 in partnership with Cyber Security Malaysia (an agency under MOSTI), CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, risk professionals and C-levels who have an obligation to understand the impact of cyber threats.
