SiliconAngle reports that distributed denial-of-service attacks, bot traffic, and accelerated exploitation of zero-day bugs have been the primary cybersecurity threats against web apps and APIs over a year-long period beginning April 2023.
Thirty-seven percent of all thwarted app traffic was attributed to DDoS attacks, which have mostly targeted organizations in the gaming and gambling, IT and internet, cryptocurrency, computer software, and marketing and advertising sectors, according to a Cloudflare report. On the other hand, manufacturing and consumer goods, cryptocurrency, and computer security organizations, as well as the U.S. government were most targeted by bots. Despite such threats, most organizations were found to still leverage a negative security model for their APIs, noted researchers, who expect even more challenges in ensuring app and API security. "The IT sprawl makes it easier for attackers to find and exploit vulnerabilities. The broad nature of web application and API threats requires specialized approaches to stop specialized attacks. However, a consolidated approach helps ensure better security, latency-free connectivity, and business growth," said researchers.
