Local file intrusions and broken object-level authorization top application and API-related threat vectors, respectively, according to Akamai customer survey. Credit: Skorzewiak/Shutterstock An analysis of customer data collected by content delivery network and internet services giant Akamai found that attacks targeting web applications rose by 137% over the course of last year, as the healthcare and manufacturing sectors in particular were targeted with an array of API and application-based intrusions.Local file intrusions — in which attackers spoof a web application in order to either execute code remotely on a web server or gain access to files that they shouldn’t — were the most common attacks seen against Akamai’s customers in 2022, and the company warns that its high level of popularity means that it’s a technique that likely remains common in 2023.“The rise in LFI means the attackers are having success using it, so you should prioritize testing to see if you are vulnerable,” the report said. Local file intrusions (LFIs) rise by 193%LFI-based attacks grew by 193% between 2021 and 2022, in no small part because PHP-based websites are generally vulnerable to them. Eight out of 10 websites run the PHP scripting language, according to the report. Overall levels of web application attacks were substantially higher in 2022 than in 2021, averaging less than 50 million per day in 2021 and closer to 100 million in 2022.“[Attackers] are using LFI to gain access and they’re doing so with growing frequency,” said Steve Winterfeld, advisory CISO at Akamai. On the API side, the top-ranked vulnerability cited by Open Web Application Security Project (OWASP) is now BOLA, or broken object-level authorization. This flaw can allow attackers to manipulate the ID of an object in an API request, in effect letting unprivileged users read or delete another user’s data.Akamai said that this is a particularly high-risk attack, given that it doesn’t require any particular degree of technical skill to execute, and intrusions resemble normal traffic to most security systems.“The detection logic must differentiate between 1-to-1 connections and 1-to-many connections among resources and users,” the report said. “Postevent BOLA attacks are difficult to see because of its low volume and it does not show a strong indication of any behavioral anomalies, such as injection or denial of service.” One vertical that might find itself particularly in the crosshairs of web application and API attackers in 2023 includes healthcare, which has seen an influx of new devices under the internet of medical things aegis, and an associated app and API ecosystem spring up around them, Akamai said. Another is manufacturing, which, similarly, has seen IoT devices and associated systems proliferate, leading to a 76% increase in median attacks in 2022.Akamai urged all users to be cognizant of the growing threat posed by application- and API-based attacks and update organizational playbooks used for coping with them. Related content news Germany blames Russian hackers for months-long cyber espionage The attacks by Russia-backed Fancy Bear used an Outlook exploit to compromise several German officials’ accounts. By Shweta Sharma May 06, 2024 4 mins Advanced Persistent Threats Hacker Groups feature AI governance and cybersecurity certifications: Are they worth it? Organizations have started to launch AI certifications in governance and cybersecurity but given how immature the space is and how fast it's changing, are these certifications worth pursuing? By Maria Korolov May 06, 2024 12 mins Certifications IT Training Careers news Most interesting products to see at RSAC 2024 Tools, platforms, and services that the CSO team recommends 2024 RSA Conference attendees check out. By CSO Staff May 06, 2024 10 mins RSA Conference Security news CISA, FBI urge developers to patch path traversal bugs before shipping The advisory highlights how developers can follow best practices to fix these vulnerabilities during production. By Shweta Sharma May 03, 2024 3 mins Vulnerabilities PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe