Thousands of Cyber Attacks Exploiting API Infrastructure for Malicious Code Insertion
In the rapidly evolving digital landscape, a worrying trend has emerged: a significant increase in API-focused attacks. These attacks, targeting Application Programming Interfaces (APIs), have become a lucrative and vulnerable entry point for cybercriminals.
The sophistication of these attacks is evident in the methodologies employed. Threat actors demonstrate a deep understanding of application logic and business workflows, systematically probing for logic vulnerabilities using specialized automation frameworks. This allows them to execute thousands of seemingly legitimate requests, often reaching a staggering 15 million requests per second in a single API-focused campaign.
One of the most concerning aspects of these attacks is their invisibility to traditional security measures. Attackers utilise valid API calls that conform to documented specifications, making them undetectable by signature-based detection systems and traditional web application firewalls.
Financial services have been a primary target, with financial institutions accounting for 26% of all documented API incidents. Cybersecurity experts, such as Ralf Schmitz, have highlighted that the financial sector, including banks regulated by Germany’s BaFin, is a primary target of increasing cyberattacks, some using AI-driven methods.
To combat this evolving threat, companies like Stellar Cyber are focusing on strengthening Security Operations Centre (SOC) teams with open and seamless API integration. This move, publicly reported in February 2025, aims to detect API-oriented attacks in early 2025.
APIs represent only 14% of overall attack vectors, yet they receive a disproportionate focus from cybercriminals. Threat actors are conducting systematic credential stuffing operations against authentication endpoints and maintaining active campaigns for weeks or months by carefully modulating request frequencies and rotating attack vectors.
The use of advanced tools, such as headless browsers, residential proxy networks, and automated reconnaissance phases, allows attackers to map API endpoints and identify parameter relationships with ease. This process often leads to the identification and exploitation of logical inconsistencies in complex API workflows.
Imperva analysts have identified a concerning trend where 44% of advanced bot activity specifically targets API environments. Persistence mechanisms employed in these campaigns often involve session token manipulation and the distribution of requests across multiple proxy networks.
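For defenders, the slow, proxy-distributed credential stuffing described above is the case a per-IP rate rule misses. The sketch below is an added example, not code from Imperva, Stellar Cyber or any vendor named here: it runs a per-IP rule and an aggregate rule over a constructed authentication log. The log format, addresses, usernames and thresholds are all assumptions chosen for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

def sample_log():
    """Constructed auth log lines: 'timestamp source_ip username http_status'."""
    lines = ["2025-01-01T00:03:00 192.0.2.10 alice 401",   # real user mistypes twice
             "2025-01-01T00:03:20 192.0.2.10 alice 401",
             "2025-01-01T00:03:45 192.0.2.10 alice 200"]
    base = datetime(2025, 1, 1, 0, 5)
    for i in range(30):  # slow campaign: one attempt per 10 min, new IP and user each time
        ts = base + timedelta(minutes=10 * i)
        lines.append(f"{ts.isoformat()} 198.51.100.{i + 1} user{i:03d} 401")
    return lines

def parse(line):
    ts, ip, user, status = line.split()
    return datetime.fromisoformat(ts), ip, user, int(status)

def per_ip_alerts(events, limit=5, window=timedelta(minutes=1)):
    """Classic rate rule: flag an IP with >= limit failed logins inside one window."""
    fails = sorted((ts, ip) for ts, ip, _, status in events if status == 401)
    alerts = set()
    for ts, ip in fails:
        burst = sum(1 for t, p in fails if p == ip and ts <= t <= ts + window)
        if burst >= limit:
            alerts.add(ip)
    return alerts

def campaign_windows(events, hours=6, min_fails=20, min_user_ratio=0.8, max_per_ip=2):
    """Aggregate rule: many failures spread thinly across many usernames and IPs."""
    buckets = {}
    for ts, ip, user, status in events:
        if status == 401:
            start = ts.replace(hour=ts.hour - ts.hour % hours, minute=0, second=0)
            buckets.setdefault(start, []).append((ip, user))
    hits = []
    for start, fails in sorted(buckets.items()):
        ips = Counter(ip for ip, _ in fails)
        users = {user for _, user in fails}
        if (len(fails) >= min_fails
                and len(users) / len(fails) >= min_user_ratio
                and max(ips.values()) <= max_per_ip):
            hits.append({"window_start": start, "failures": len(fails),
                         "distinct_users": len(users), "distinct_ips": len(ips)})
    return hits

if __name__ == "__main__":
    events = [parse(line) for line in sample_log()]
    print("per-IP rule:", per_ip_alerts(events))
    print("aggregate rule:", campaign_windows(events))
```

On the constructed log the per-IP rule stays silent, while the aggregate rule flags the six-hour window because failures are numerous, almost every one names a different account, and no single address contributes more than two.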
With over 40,000 documented API incidents occurring across 4,000 monitored environments, it's clear that the cybersecurity landscape has seen an unprecedented surge in API-focused attacks during the first half of 2025. As the digital world continues to evolve, it's essential that cybersecurity measures adapt to meet these new challenges, ensuring the protection of our digital infrastructure.