Newly launched APIs found by attackers in under 30 seconds
Organizations rely on APIs to make their systems easily accessible across platforms. However, new APIs are typically less protected and less secure. New research from Wallarm shows the average time for a new API to be found by attackers is just 29 seconds.
The research used a honeypot to look at API activity and in its first 20 days in November the lngest time taken for a new API to be discovered was 34 seconds.
Don't get stuck in a honeypot
Honeypots have been around for years and are a tried and tested cybersecurity mechanism. By creating a fake environment with attractive assets, organizations use honeypots to lure attackers into a trap where their actions can be studied and learned from to improve cybersecurity measures. Simultaneously, they are protecting the business’ real assets by preoccupying the attacker with the decoys.
However, honeypots have a narrow field of view as the only activity that they detect is those that target them directly. If an attacker gains access to a network, but not through the honeypot, the business would be none the wiser. It is, therefore, crucial to have more than one honeypot -- a honeynet -- to make it effective. Yet, honeypots are very time-consuming to apply as they need to be installed in networks and systems in data centers. It can take as long as an hour to install just one and it lacks any level of scalability.
