Cequence Security, the industry leader in API security, today released its “API Security Threat Report: Bots and Automated Attacks Explode,” revealing that both developers and attackers have made the shift to APIs. Of the 21.1 billion transactions analyzed by Cequence Security in the last half of 2021, 14 billion (70 percent) were API transactions.
Three attack trends they discuss:
Attack Trend One: Fraud Comes in Many Forms – Gift Card Fraud, Loan Fraud and Payment Fraud
In late July, Cequence saw retail customers get hit with a 2800% increase in ATOs averaging 700K attacks per day with the end goal of committing multiple forms of gift card fraud in the form of “scrape for resale” or “steal to then purchase” goods.
Attack Trend Two: Shopping Bots Get More Sophisticated Enter Bots-as-a-Service (BaaS)
Bots-as-a-service (BaaS) allows anyone to buy, rent and subscribe to a network of malicious bots and use it to acquire high-demand items. Bots drove the traffic to 36M (1200%) to 129M (4300%) above normal with up to 86 percent of the transactions being malicious.
Attack Trend Three: The Account Takeover Cat-and-Mouse Game
Attack patterns went from massive in nature, with malicious ATOs making up 80% of the login traffic to the polar opposite patter of low, slow and perfectly formed transactions.