Local file intrusions and broken object-level authorization top application and API-related threat vectors, respectively, according to Akamai customer survey. Credit: Skorzewiak/Shutterstock An analysis of customer data collected by content delivery network and internet services giant Akamai found that attacks targeting web applications rose by 137% over the course of last year, as the healthcare and manufacturing sectors in particular were targeted with an array of API and application-based intrusions.Local file intrusions — in which attackers spoof a web application in order to either execute code remotely on a web server or gain access to files that they shouldn’t — were the most common attacks seen against Akamai’s customers in 2022, and the company warns that its high level of popularity means that it’s a technique that likely remains common in 2023.“The rise in LFI means the attackers are having success using it, so you should prioritize testing to see if you are vulnerable,” the report said. Local file intrusions (LFIs) rise by 193%LFI-based attacks grew by 193% between 2021 and 2022, in no small part because PHP-based websites are generally vulnerable to them. Eight out of 10 websites run the PHP scripting language, according to the report. Overall levels of web application attacks were substantially higher in 2022 than in 2021, averaging less than 50 million per day in 2021 and closer to 100 million in 2022.“[Attackers] are using LFI to gain access and they’re doing so with growing frequency,” said Steve Winterfeld, advisory CISO at Akamai. On the API side, the top-ranked vulnerability cited by Open Web Application Security Project (OWASP) is now BOLA, or broken object-level authorization. This flaw can allow attackers to manipulate the ID of an object in an API request, in effect letting unprivileged users read or delete another user’s data.Akamai said that this is a particularly high-risk attack, given that it doesn’t require any particular degree of technical skill to execute, and intrusions resemble normal traffic to most security systems.“The detection logic must differentiate between 1-to-1 connections and 1-to-many connections among resources and users,” the report said. “Postevent BOLA attacks are difficult to see because of its low volume and it does not show a strong indication of any behavioral anomalies, such as injection or denial of service.” One vertical that might find itself particularly in the crosshairs of web application and API attackers in 2023 includes healthcare, which has seen an influx of new devices under the internet of medical things aegis, and an associated app and API ecosystem spring up around them, Akamai said. Another is manufacturing, which, similarly, has seen IoT devices and associated systems proliferate, leading to a 76% increase in median attacks in 2022.Akamai urged all users to be cognizant of the growing threat posed by application- and API-based attacks and update organizational playbooks used for coping with them. Related content feature AI system poisoning is a growing threat — is your security regime ready? NIST, security leaders warn that hackers will launch more poisoning attacks as artificial intelligence use increases, testing the strength of today’s security programs By Mary K. Pratt Jun 10, 2024 9 mins Cyberattacks Threat and Vulnerability Management Security Practices opinion Sleuthcon: Cybercrime emerges in Morocco and law enforcement gets creative At this year’s cybercrime-oriented conference Sleuthcon, Morocco emerged as a locus of cybercrime, while UK and US law enforcement highlighted how creative they've become in shaming and disrupting criminal groups. By Cynthia Brumfield Jun 10, 2024 8 mins Advanced Persistent Threats Hacker Groups Government news Spam blocklist SORBS shuts down after over two decades The service was unsustainable but those in the email deliverability industry expressed mixed feelings about the closure. By Evan Schuman Jun 07, 2024 4 mins Email Security Antispam news analysis New RansomHub ransomware gang has ties to older Knight group File encryption malware used by RansomHub appears to be a modified variant of the Knight ransomware, also known as Cyclops. By Lucian Constantin Jun 07, 2024 4 mins Hacker Groups Ransomware Hacking PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe