Akamai Reports Massive Increase in Web Application and API Attacks
At RSA Conference 2022, Akamai today released a series of reports detailing how web applications and application programming interfaces (APIs) have become favorite targets for highly organized cybercriminal gangs.
In the first half of 2022, the Content Delivery Network (CDN) service provider reported identifying more than nine billion attack attempts, a threefold increase from the same period a year ago. Most of these attacks involved local file inclusion (LFI), structured query language injection (SQLi), and cross-site scripting (XSS). These collectively represent the largest volume of attacks Akamai has ever seen on its networks.
Specifically, LFI attacks have increased by nearly 400% and have now overtaken SQLi attacks as the predominant web application and API attack vector.
Overall, 55% of these attacks targeted organizations in the United States, while e-commerce sites accounted for 38% of attack activity.
Tony Lauro, director of security and strategy at Akamai, said it appears cybercriminals are now entirely focused on exploiting vulnerabilities in web applications and APIs. Most APIs are now regularly inspected. As they continue to proliferate, they have become a prime target that can be easily compromised, he noted.
Meanwhile, Akamai reports that an analysis of more than seven trillion Domain Name System (DNS) queries from the first quarter of 2022 reveals that more than 1 in 10 monitored devices communicated at least once with domains associated with malware, ransomware, phishing, or some type of command and control tool. Overall, 9.3% of monitored devices communicated at least once with domains associated with malware or ransomware, 4.6% communicated with phishing domains, and 0.7% communicated with a command and control tool.
Finally, Akamai reported that the cybercriminal gang Conti is targeting companies with revenues between $10 million and $250 million as part of a “Goldilocks” strategy that focuses on organizations that have enough resources to pay a high ransom but likely lack the cybersecurity resources of a larger company.
In total, the report reveals that 60% of successful Conti ransomware attacks were against organizations in the United States, while 30% were against organizations in the United States.
Conti and other cybercriminal gangs now operate like any other business entity, Lauro noted. They not only have employees, but also investors who bring in the capital needed to run a large-scale ransomware-as-a-service platform, he added.
For several years now, Akamai has been advocating for the use of its CDN to thwart these attacks. Rather than building and deploying applications in the cloud or in an on-premises computing environment, the company enables an IT team to deploy applications to a CDN that provides a wide range of additional application security services. It’s unclear to what extent organizations rely on CDNs to secure applications, but organizations that do so are taking the cybersecurity battle away from their own corporate IT environments. The primary target becomes the CDN service, which is therefore Akamai’s primary security responsibility.
The one thing that is clear, however, is that the volume of attacks launched against this CDN continues to grow as more and more web applications are deployed on it.