At the RSA Conference 2022 event, Akamai today published a series of reports detailing how Web applications and application programming interfaces (APIs) are now favorite targets for highly organized cybercriminal gangs.
In the first half of 2022, the content delivery network (CDN) services provider reported it identified more than nine billion attack attempts, a three-fold increase over the same period a year ago. Most of those attacks involved local file inclusion (LFI), Structured Query Language injection (SQLi) and cross-site scripting (XSS). These collectively represent the largest volume of attacks Akamai has ever seen on its networks.
Specifically, LFI attacks increased by nearly 400% and have now surpassed SQLi attacks as the predominant web application and API attack vector.
In general, 55% of these attacks were directed at organizations in the U.S., while e-commerce sites represented 38% of attack activity.
Tony Lauro, director of security and strategy for Akamai, said it appears that cybercriminals are now squarely focused on exploiting vulnerabilities in web applications and APIs. The bulk of APIs are now regularly inspected, so, as they continue to proliferate, they have become a favored target that can be easily compromised, he noted.
At the same time, Akamai reports that an analysis of more than seven trillion Domain Name System (DNS) queries from the first quarter of 2022 finds more than one in 10 monitored devices communicated at least once with domains associated with malware, ransomware, phishing or some type of command-and-control tool. Overall, 9.3% of monitored devices communicated at least once with domains associated with malware or ransomware, 4.6% communicated with phishing domains and 0.7% communicated with a command-and-control tool.
Finally, Akamai reported that the Conti cybercriminal gang has been targeting businesses with revenues between $10 million and $250 million as part of a “Goldilocks” strategy that focuses on organizations that have enough resources to pay a hefty ransom but likely lack the cybersecurity resources of a larger enterprise.
In total, the report finds that 60% of successful Conti ransomware attacks were against organizations in the U.S., while 30% were against organizations in the U.S.
Conti and other cybercriminal gangs now operate much like any other business entity, noted Lauro. They not only have employees, they also have investors that put up the capital required to run a ransomware-as-a-service platform at scale, he noted.
For several years now, Akamai has been making a case for using its CDN to thwart these attacks. Rather than building and deploying applications in the cloud or an on-premises IT environment, the company enables an IT team to deploy applications on a CDN that provides a wide range of additional application security services. It’s not clear to what degree organizations are relying on CDNs to secure applications but, in effect, organizations that do are shifting the cybersecurity battle away from their own enterprise IT environments. The primary target becomes the CDN service, which is, therefore, primarily Akamai’s responsibility to secure.
The one thing that is clear, however, is that the volume of attacks being launched against that CDN continues to grow as more web applications are deployed on it.