Alarming Findings: Attackers Uncover APIs in Under 30 Seconds!
2024-12-17
Author: Wei Ling
In a shocking revelation, newly deployed and potentially unprotected APIs are being discovered by threat actors in as little as 29 seconds, according to research from security vendor Wallarm.
The firm has deployed what it describes as the world's first API honeypot; the resulting report, "Gone in 29 Seconds: The World's First API Honeypot," is based on data collected over the first 20 days of November 2024.
The findings indicate that a large share of newly launched APIs pose significant security risks, primarily because many remain unmanaged and inadequately protected. Wallarm emphasized that attackers' primary entry point was through common ports: port 80 was the most targeted at 19%, closely followed by port 26657, then 443, 8080, and 8443.
Against this backdrop, attacks targeting APIs have surged by 400% in the last six months alone. The report identified the most frequent types of attack activity: CVE (Common Vulnerabilities and Exposures) exploitation at 40%, discovery attempts at 34%, and authentication checks at 26%. Notably, the "/status" endpoint emerged as the most probed, a cautionary signal for developers.
The report sternly advised against naming public, unauthenticated API endpoints with generic names like "/status," "/info," "/health," or "/metrics." Instead, developers are encouraged to use unique or random identifiers, such as UUIDs or SHA256 hashes, the same practice used for webhook URLs.
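As an added illustration of that advice (example code, not from Wallarm or the report), the following Python derives a per-deployment health-check path with HMAC-SHA256 and counts requests to the generic names as discovery attempts; the secret handling, the `HealthRouter` class and the sample traffic are assumptions.

```python
import hmac
import hashlib
import secrets
from collections import Counter

# Generic, guessable names the report warns against exposing unauthenticated.
GENERIC_PROBE_PATHS = {"/status", "/info", "/health", "/metrics"}


def new_deployment_secret() -> bytes:
    """32 random bytes, generated once per deployment and shared out of band."""
    return secrets.token_bytes(32)


def derive_endpoint_path(deployment_secret: bytes, purpose: str) -> str:
    """Stable but unguessable path for an unauthenticated endpoint.

    HMAC-SHA256 keyed with the deployment secret gives each deployment its
    own path for e.g. the health check, the way a webhook URL carries a
    random token. Monitoring systems are given the path, scanners must guess.
    """
    tag = hmac.new(deployment_secret, purpose.encode(), hashlib.sha256).hexdigest()
    return f"/{purpose}-{tag}"


class HealthRouter:
    """Assumed minimal dispatcher: serves health only at the derived path."""

    def __init__(self, deployment_secret: bytes):
        self._health_path = derive_endpoint_path(deployment_secret, "health")
        self.probes = Counter()  # source IP -> requests to generic names

    def handle(self, method: str, path: str, src_ip: str) -> int:
        # Constant-time compare so the token cannot be recovered via timing.
        if method == "GET" and hmac.compare_digest(path.encode(), self._health_path.encode()):
            return 200
        if path in GENERIC_PROBE_PATHS:
            self.probes[src_ip] += 1  # discovery attempt against a generic name
        return 404


# Constructed sample traffic (not from the report): one source sweeping the generic names.
SAMPLE_REQUESTS = [
    ("GET", "/status", "198.51.100.7"),
    ("GET", "/info", "198.51.100.7"),
    ("GET", "/metrics", "198.51.100.7"),
    ("GET", "/health", "198.51.100.7"),
]


def scanning_sources(router: HealthRouter, requests, threshold: int = 3) -> set:
    """Replay requests and return source IPs probing generic names >= threshold times."""
    for method, path, ip in requests:
        router.handle(method, path, ip)
    return {ip for ip, n in router.probes.items() if n >= threshold}
```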
In a further breakdown of the data, Wallarm highlighted that APIs have now eclipsed traditional web applications as targets, accounting for over 54% of total requests compared to a little over 45% for web apps. While APIs attract more requests, web applications still account for a concerning 52% of the unique exploits observed.
Perhaps the most disturbing finding is that cybercriminals can run attacks at 50 requests per second, distributed across 50 IP addresses, for as little as $50-$150 per month per IP address. At that rate, attackers could potentially siphon off 10 million records in a single minute, under the radar and with minimal bandwidth usage.
Wallarm concluded with a stark warning: “The API attack surface is undeniably expanding. As businesses increasingly adopt APIs for growth, attackers are right behind them, eager to exploit vulnerabilities.” Organizations are urged to reassess their current security practices and consider integrating new security measures to mitigate these rising risks.
**Don't become a victim! Stay ahead of the curve and secure your APIs now!**