Close to 75% of all credential abuse attacks between 2017 and 2019 in the financial services industry directly targeted Application Program Interfaces (APIs), according to a report by global cybersecurity and cloud computing provider Akamai Technologies.
An API is a communication protocol that can help different parts of a computer program interact with each other more efficiently. This, in turn, can simplify the implementation and maintenance of software. APIs form the basis of a microservices architecture, a software development technique which arranges an application as a collection of loosely coupled services.
Think of microservices as different lego blocks, with each lego representing a specific function or application. The APIs for each of these lego blocks would be the studs/knobs that allow for different parts to be loosely attached together.
In its latest report, the security company observed 85.42 billion credential abuse attacks over a 24 month period. About 20% of these, or 16.5 billion, were against hostnames that could be clearly identified as API endpoints.
Around 473 million of the API attacks were targeted against the financial services industry, according to the “2020 state of the internet/security: Financial services-hostile takeover attempts” report.
API based microservices are one of the key drivers of the digital transformation of not only the BFSI (banking, financial services and insurance) industry but across domains, including healthcare, automotive, ecommerce, OTT services among others.
One of India’s leading financial services player, ICICI Bank, recently released a mega API portal with more than 250 APIs that could be utilised by enterprises and financial institutions. In November last year, Yes Bank also launched its own API sandbox. At the time of its release, the sandbox housed 50 APIs with use cases across management, payments, cards and customer relationship management.
“Criminals targeting the financial services industry pay close attention to the defences used by these organisations, and adjust their attack patterns accordingly,” Steve Ragan, Akamai security researcher and principal author of the report, said.
Local File Inclusion (LFI), which accounted for 47% of the observed traffic, was found to be the most common type of attack.
LFI attacks exploit data running on servers and can be used to force sensitive information disclosure. The report also showed Distributed Denial of Service (DDoS) attacks are a core component of hackers’ arsenal. Close to 40% of the unique DDoS attacks belonged to the financial services industry.