Malicious API Traffic Now Accounts For 2.1% Of All API Traffic Seen: Salt Security

Salt Security yesterday published their quarterly report which found that malicious API traffic now accounts for 2.1% of all API traffic seen by its customers. On average, those organizations were hit by 26.46 million malicious API calls for the month of June 2022, a more than 100% increase compared to the 12.22 million average malicious API calls per month experienced in 2021. A total of 44% of customers are now seeing an average of 11 to 100 attack attempts every month, with 34% seeing more than 100 attempts each month and 8% seeing more than a thousand. The attacks are increasing at a time when overall API traffic grew 168% over the past year, the report noted. 

Giora Engel, CEO and Cofounder of Neosec had this to say:

     “The growth of the number of APIs with the increasing traffic is leading to an increase in the number of attacks, As the API attack surface grows, so does the number and sophistication of attacks. The shadow API problem is real, but more worrying is that very few companies know what normal usage of their APIs looks like and have no visibility it the abuse that is occurring. Being able to detect an API attack or any abusive behavior is becoming the biggest problem to solve for security professionals.”

This should serve as a warning on those who make or rely on API’s. Which is that security of API’s have to top of mind or they will be attack vectors for threat actors everywhere.

Leave a Reply