A “deep dive” from Bloomberg Law looks at the threat that DDoS attacks pose during holiday shopping seasons, but does not cite the potential for (and potential impacts of) Denial of App Service attacks. Here’s an excerpt from the article Holiday DDoS Cyberattacks Can Hurt E-Commerce, Lack Legal Remedy:
Cyberattacks that knock internet platforms offline temporarily—a particular concern on Cyber Monday—are likely to spike this holiday season, but victims have few legal avenues to seek recovery, attorneys and industry professionals say. Ransomware attacks that take control of victims’ systems garner more media attention, but distributed denial-of-service attacks are one of the most common cybersecurity incidents to disrupt a company’s business operations.
Hackers are increasingly using mobile apps as the vehicle to execute these types of DDoS attacks, either by manipulating or cloning apps or simply creating scripts which attack platforms using stolen API keys and other secrets.
Increasingly, mobile apps depend on the use of 3rd party APIs. API calls will be charged for and there may also be limits set on their number and frequency. If cloned apps or distributed bot scripts start flooding the backend with fake API calls then your quota will be quickly exceeded, service affected, and you may even rack up a big bill. So it is extremely important to take steps to prevent apps being manipulated by hackers and of course it’s important to take steps to stop API keys and other secrets being stolen and abused.