Cequence Security finds a problem with "shadow APIs."
API protection report describes malicious transactions.
Cequence Security has published a report on API security, finding that 31% of the 16.7 billion observed malicious transactions in the first half of 2022 targeted unknown or unmanaged APIs, also known as shadow APIs:
“Shadow APIs are a particularly pernicious threat that can be categorized as OWASP API9 (Improper Asset Management) abuse. Shadow APIs are a common problem in organizations that do not have proper inventory of their quality assurance/development API endpoints, or their versioning system, and attackers can easily discover API endpoints that will interact with production data. Shadow APIs can also appear when endpoints are coded to accept variables, or wildcard inputs either within the uniform resource identifier (URI) path or at the end.... Attackers are able to easily find shadow APIs by analyzing a production API which may be well protected, then simply fuzz or modify the values, enumerating through other API endpoints on different versions, under different hostnames, or simply accepting random characters at the end of the URI.”
The vast majority of malicious activity targeting APIs is powered by automation, ranging from “sneaker bots attempting to cop the latest Dunks or Air Jordans, to stealthy attackers attempting a slow trickle of card testing fraud on stolen credit cards, to pure brute force credential stuffing campaigns.”
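The inventory gap the report describes can be measured from the defender's side by comparing the requests a server actually answered against the documented endpoint list. The following Python sketch is an added example, not code from Cequence or its report; the hostnames, paths, log format and inventory entries are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed inventory: (host, method, path template) the API team has documented.
INVENTORY = [
    ("api.example.com", "GET", "/v2/orders/{id}"),
    ("api.example.com", "POST", "/v2/orders"),
    ("api.example.com", "GET", "/v2/users/{id}/cards"),
]

# Constructed access-log lines in an assumed format: host method path status.
SAMPLE_LOG = """\
api.example.com GET /v2/orders/1001 200
api.example.com GET /v1/orders/1001 200
qa-api.example.com GET /v2/orders/1001 200
api.example.com GET /v2/orders/1001/zzqx 200
api.example.com GET /v3/orders/1001 404
api.example.com POST /v2/orders 201
api.example.com GET /v1/orders/1002 200
"""

def compile_inventory(entries):
    """Turn each template into an anchored regex; {param} matches exactly one segment."""
    compiled = []
    for host, method, template in entries:
        parts = [r"[^/]+" if p.startswith("{") and p.endswith("}") else re.escape(p)
                 for p in template.strip("/").split("/")]
        compiled.append((host, method, re.compile("^/" + "/".join(parts) + "/?$")))
    return compiled

def normalize(path):
    """Collapse numeric segments so hits are grouped per endpoint, not per object."""
    return re.sub(r"/\d+(?=/|$)", "/{id}", path)

def find_shadow_endpoints(log_text, inventory):
    """Count (host, method, endpoint) tuples the server answered with anything other
    than 404 although no inventory entry covers them: other versions, other
    hostnames, or extra characters accepted at the end of the URI."""
    rules = compile_inventory(inventory)
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        host, method, raw_path, status = fields
        path = raw_path.split("?", 1)[0]  # ignore the query string
        known = any(h == host and m == method and rx.match(path) for h, m, rx in rules)
        if not known and status != "404":
            hits[(host, method, normalize(path))] += 1
    return hits
```

Because each template is anchored and the host is part of the key, a request with trailing segments or one sent to an undocumented hostname is reported instead of being silently attributed to the documented endpoint.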