Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest.
In late July 2021, online retailers got hit with a jaw-dropping 2,800 percent increase in attack takeovers. Dead-set on gift card fraud via “scrape for resale” and other types of fraud, the attacks spiraled up to the rate of 700,000 attacks per day.
In a separate case – of a loan application fraud attack – the threat actors used the sub accounts feature on public email domains such as Gmail to create 3,000 email addresses, which were then used to submit roughly 45,000 fraudulent loan applications distributed across multiple IP addresses.
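The loan application case above can be caught at intake by collapsing alias addresses to the mailbox behind them and counting how many distinct addresses and source IPs map to it. The sketch below is an added example, not code from the Cequence report or the article; it assumes the "sub accounts" feature means Gmail-style aliases (`user+tag` and dotted variants), and the function names, threshold and sample records are constructed for illustration.

```python
from collections import defaultdict

# Assumption: "sub accounts" means Gmail-style aliases, where "user+tag" and
# dotted variants of the local part all deliver to the same mailbox.
ALIAS_DOMAINS = {"gmail.com": "gmail.com", "googlemail.com": "gmail.com"}


def canonical_mailbox(address):
    """Collapse alias forms of an address to the mailbox that receives them."""
    local, sep, domain = address.strip().lower().rpartition("@")
    domain = ALIAS_DOMAINS.get(domain, domain)
    if domain in ALIAS_DOMAINS.values():
        local = local.split("+", 1)[0].replace(".", "")
    if not (sep and local and domain):
        raise ValueError(f"not an email address: {address!r}")
    return f"{local}@{domain}"


def flag_alias_clusters(applications, max_aliases=3):
    """Return mailboxes that applied under more than max_aliases addresses.
    applications: iterable of (email, source_ip) pairs from the intake log."""
    seen = defaultdict(lambda: {"aliases": set(), "ips": set(), "count": 0})
    for email, ip in applications:
        try:
            box = seen[canonical_mailbox(email)]
        except ValueError:
            continue  # malformed address: leave to input validation
        box["aliases"].add(email.strip().lower())
        box["ips"].add(ip)
        box["count"] += 1
    return {
        m: {"aliases": len(b["aliases"]), "ips": len(b["ips"]), "applications": b["count"]}
        for m, b in seen.items()
        if len(b["aliases"]) > max_aliases
    }


# Constructed sample: one mailbox behind five aliases and five IPs, plus an
# applicant on a domain with no alias rule. IPs are documentation ranges.
SAMPLE = [
    ("jane.roe@gmail.com", "198.51.100.7"),
    ("janeroe+loan1@gmail.com", "198.51.100.7"),
    ("j.a.n.e.roe+loan2@gmail.com", "203.0.113.20"),
    ("JaneRoe+loan3@googlemail.com", "203.0.113.21"),
    ("janeroe+loan4@gmail.com", "192.0.2.55"),
    ("janeroe+loan4@gmail.com", "192.0.2.56"),
    ("sam.lee@example.org", "198.51.100.9"),
    ("sam.lee+home@example.org", "198.51.100.9"),
]
```

Keying on the canonical mailbox rather than the source IP is what makes the cluster visible when the submissions are spread across many addresses.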
Both are examples of API attacks: attacks that prey on application programming interfaces (APIs) that “have become the glue that holds today’s apps together,” as Cequence Security Hacker-in-Residence Jason Kent explained for Threatpost in his August 2021 InfoSec Insider article on the top 3 API security vulnerabilities and how cyberattackers use them to pwn apps.
“There’s an API to turn on the kitchen lights while still in bed. There’s an API to change the song playing on