Akamai has released the 2019 State of the Internet and API Traffic report and among the key findings is this: American businesses need to up their protection of consumer and business data. That, because hackers are coming up with new schemes every day, from credential abuse to AIO bot attacks.
The bot attacks may be the most troubling; according to researchers, more hackers are using All-In-One, or AIO bots, to target the logins of financial institutions, merchants, and big businesses in a process called credential stuffing. In it, they use credentials stolen online and then use AIO bots to go site-to-site, trying to login with the stolen information. Once in, they deploy tools that make masses of purchases; a single AIO bot can target more than 100 merchants/businesses at the same time.
"Retailers remain on the front lines, because stolen merchandise sells quickly and at a premium. And for that reason, the data shows which merchandise is of the highest value: Apparel sites are targeted the most," said Martin McKeay, Senior Security Advocate, Akamai. McKeay was also the lead author of the report. He says API calls are also a concerning area. "The state of web applications is fluid, and many API calls are application or company-specific and require a different security approach than HTML traffic, which is seemingly static."
According to the report API calls are responsible for more than 80% of web traffic. Another industry being targeted by hackers: media/entertainment companies.
They're targeting these businesses, hoping to find personal information like credit cards that are used during consumers' on-boarding to OTT and other streaming services. Their data can then be sold on the black market.
Tags: AIO bots, Akamai, API trends, data breach, data security, digital security
Tweet