With web applications under increased attacks, Akamai has analyzed data points for web application firewall (WAF) multi-vector and DDoS attacks between April 2021 and March 2022 to determine the severity of the situation in Australia.
A massive spike in WAF attacks from September 2021 to October 2021, and a steady resurgence of these attacks with a 100% increase in Q1 2022. This shows that attackers are redoubling their efforts to disrupt the Australian market after a sharp drop between October 2021 and December 2021.
The WAF activity chart in Figure 1 shows the monthly number of WAF attacks recorded from April 2021 to March 2022 per attack vector represented by the colored lines.
The top attack vectors were XSS (cross site scripting) and LFI (local file injection), which could indicate that attackers are trying to inject or execute malicious payloads to plant malware and potentially initiate remote code execution attacks.
Akamai can reveal that the Australian financial services sector has become a top target for web and API application programming interface) attacks globally.
The preferred attack vectors were XSS and LFI with LFI topping the global attack vectors with more than 200 millions attacks. This is significant because the United States has been the largest target for WAF attacks by a large margin as compared with other countries globally.
API attacks become mainstream
Once limited to specific internal software applications (apps) primarily to reduce operational overhead and facilitate integration, APIs have now entered the mainstream.
The increasing shift to API-centric architectures, including mobile apps, microservices, composable architectures, and third party integrations is contributing to the sharp increase of API-related attacks.
This trend is evident on the Akamai platform with API traffic composing 92% of web volumes. The issue with a shift to APIs is that it challenges conventional approaches to security and governance, making them a ripe target for attackers.
As API-related risk is increasing, API protections were added to the OWASP Top 10, and regulators across the globe are implementing API security requirements to compel businesses to focus on addressing this growing area of vulnerability and risk.
We expect to see attacks continually increase over the course of 2022 that will impact organizations across all sectors, and organizations will need to find ways to mitigate such attacks by deploying API protections that can circumvent DDoS malicious injection, credential abuse, and API specification violations.
With Akamai, you can automatically and continuously discover and profile APIs, including their endpoints, definitions, resources, and traffic characteristics. Akamai’s cloud- and origin-agnostic approach allows for easy discovery across your entire application estate without any additional configuration required.
This visibility enables developers, application owners, and security teams to stay ahead of new, unknown, or changing APIs and to easily register them for protection.
In each of the past four years, Akamai was named the Leader in the Gartner Magic Quadrant for Web Application Firewalls. Akamai offers something nobody else has: an edge platform with unmatched visibility into the ever-evolving threat landscape.
The Akamai Intelligent Edge Platform has helped mitigate attacks on customers across all industries by providing broad API protections to deal with DDoS, malicious injection, credential abuse, and API specification violations while providing scalability and performance for API traffic.
Read More News: https://www.enterpriseitworld.com/news/ I Watch CIOtv: https://ciotv.live/ I Read IT Partner News: https://www.smechannels.com/