Newly launched APIs found by attackers in under 30 seconds

Organizations rely on APIs to make their systems easily accessible across platforms. However, new APIs are typically less protected and less secure. New research from Wallarm shows the average time for a new API to be found by attackers is just 29 seconds.

The research used a honeypot to observe API activity; in its first 20 days in November, the longest time taken for a new API to be discovered was 34 seconds.

The most common attack types are CVE exploitation (40 percent), discovery (34 percent) and authentication checks (26 percent). Connections via port 80 are the most common (19 percent), with ports 26657, 443, 8080 and 8443 coming next.

"There is no dispute that the API attack surface is growing. API adoption is fuelling business growth and attackers follow the money," the report's authors conclude. "The conclusions should drive organizations to adapt existing security practices and adopt new security tools. Discovery of your API Attack Surface is a must, and protection from API attacks in real-time is a hard requirement."

The report advises that public and non-authenticated API endpoints shouldn't be given common names like /status, /info, /health or /metrics. Using less common names or even a random UUID or SHA256 hash would help keep things secure.
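As an added illustration of that advice (not code from the report or from Wallarm), the following audits an OpenAPI-style path list for the commonly probed names the report lists and generates replacement segments from a random UUID or a SHA-256 digest of random bytes. The list of probed names and the `openapi_paths` mapping shape are assumptions for the example.

```python
import hashlib
import re
import secrets
import uuid

# Names the article says are commonly probed on public, unauthenticated endpoints.
# Assumed list built from the article's examples; extend it with your own findings.
COMMON_PROBED_SEGMENTS = {"status", "info", "health", "metrics"}

# A single path segment that is either a lowercase UUID4 or 64 hex chars (SHA-256).
UNGUESSABLE_SEGMENT = re.compile(
    r"^(?:[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}"
    r"|[0-9a-f]{64})$"
)


def audit_paths(openapi_paths):
    """Return {path: reason} for every path (keys of an OpenAPI-style 'paths'
    mapping, assumed shape) that contains a commonly probed segment."""
    findings = {}
    for path in openapi_paths:
        for seg in path.strip("/").split("/"):
            if seg.lower() in COMMON_PROBED_SEGMENTS:
                findings[path] = f"segment '{seg}' is a commonly probed name"
                break
    return findings


def uuid_path(base="/"):
    """Build a path whose final segment is a freshly generated random UUID4."""
    return base.rstrip("/") + "/" + str(uuid.uuid4())


def hashed_path(base="/"):
    """Build a path whose final segment is the SHA-256 hex digest of 32 random
    bytes. The hash adds no entropy beyond the random bytes; it is shown because
    the report mentions a SHA-256 value as an option."""
    digest = hashlib.sha256(secrets.token_bytes(32)).hexdigest()
    return base.rstrip("/") + "/" + digest


def is_unguessable(path):
    """True if the last path segment looks like a UUID4 or SHA-256 hex digest."""
    last = path.rstrip("/").rsplit("/", 1)[-1]
    return bool(UNGUESSABLE_SEGMENT.match(last))


if __name__ == "__main__":
    # Constructed sample spec: two endpoints use names the report says to avoid.
    sample_paths = {"/health": {}, "/api/v1/users": {}, "/internal/metrics": {}}
    for path, reason in audit_paths(sample_paths).items():
        print(f"{path}: {reason} -> consider {uuid_path('/probe')}")
```

Renaming these endpoints reduces the hit rate of the discovery traffic the honeypot observed; unauthenticated endpoints still need the same rate limiting and monitoring as the rest of the API, since the unguessable name only has to leak once.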

What's also concerning is the ease with which these attacks can be launched: the research calculates that threat actors can launch attacks of 50 requests per second, distributed across 50 IP addresses, with only minimal cloud infrastructure. Using batching or single-request techniques, it's possible to steal 10 million records in about a minute or less at low cost and, because of the minimal bandwidth involved, in a hard-to-detect way.
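The detection difficulty described above comes from the load being spread thinly across many addresses. As an added example (not from the report), the code below builds a constructed access log in which 50 client IPs each send one request per second against the same endpoint (50 requests per second in aggregate, 1 per second per IP), then shows that a per-IP rate check sees nothing while an aggregate per-endpoint check over a time window raises an alert. The log format, thresholds and IP ranges are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

LOG_TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def build_sample_log():
    """Constructed sample log: 'ts ip path status rows_returned' per line.
    50 scraping clients each fetch one page per second for 5 seconds, plus one
    ordinary client. Addresses are documentation ranges, not real hosts."""
    lines = []
    base = datetime(2024, 11, 5, 10, 0, 0, tzinfo=timezone.utc)
    for second in range(5):
        ts = (base + timedelta(seconds=second)).strftime(LOG_TS_FORMAT)
        for i in range(50):
            page = second * 50 + i + 1
            lines.append(f"{ts} 198.51.100.{i + 1} /api/v1/records?page={page} 200 1000")
    ts = base.strftime(LOG_TS_FORMAT)
    lines.append(f"{ts} 203.0.113.7 /api/v1/records?page=1 200 1000")
    lines.append(f"{ts} 203.0.113.7 /api/v1/status 200 1")
    return lines


def parse_line(line):
    """Split one log line into (datetime, ip, path without query, status, rows)."""
    ts, ip, target, status, rows = line.split()
    when = datetime.strptime(ts, LOG_TS_FORMAT).replace(tzinfo=timezone.utc)
    return when, ip, urlsplit(target).path, int(status), int(rows)


def window_start(when, window_seconds):
    """Align a timestamp to the start of its fixed-size window (epoch seconds)."""
    return int(when.timestamp()) // window_seconds * window_seconds


def per_ip_rate_alerts(lines, window_seconds=10, per_ip_limit=10):
    """Classic per-client rate check: IPs exceeding per_ip_limit requests in a window."""
    counts = defaultdict(int)
    for line in lines:
        when, ip, _path, _status, _rows = parse_line(line)
        counts[(ip, window_start(when, window_seconds))] += 1
    return sorted({ip for (ip, _w), n in counts.items() if n > per_ip_limit})


def detect_distributed_scraping(lines, window_seconds=10, per_ip_limit=10,
                                min_requests=100, min_ips=20):
    """Aggregate per endpoint and window across all clients. Alert when the
    endpoint is busy and served from many IPs while no single IP would have
    tripped the per-IP limit, i.e. exactly the traffic shape the per-IP check misses."""
    buckets = defaultdict(lambda: {"total": 0, "rows": 0, "per_ip": defaultdict(int)})
    for line in lines:
        when, ip, path, status, rows = parse_line(line)
        if status != 200:          # only successful responses leak data
            continue
        b = buckets[(path, window_start(when, window_seconds))]
        b["total"] += 1
        b["rows"] += rows
        b["per_ip"][ip] += 1
    alerts = []
    for (path, window), b in sorted(buckets.items()):
        busiest = max(b["per_ip"].values())
        if b["total"] >= min_requests and len(b["per_ip"]) >= min_ips and busiest <= per_ip_limit:
            alerts.append({"path": path, "window": window, "requests": b["total"],
                           "distinct_ips": len(b["per_ip"]), "rows": b["rows"],
                           "busiest_ip_requests": busiest})
    return alerts


if __name__ == "__main__":
    log = build_sample_log()
    print("per-IP alerts:", per_ip_rate_alerts(log))          # expected: none
    for alert in detect_distributed_scraping(log):
        print("aggregate alert:", alert)
```

The aggregate check keys on records returned as well as request count, because the report's point is the volume of data extracted rather than the request rate; in production the same bucketing would run over a streaming window rather than a batch of lines.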

The full report is available from the Wallarm site.
