Web apps and APIs were attacked more than ever last year

Vulnerabilities and misconfigurations are being exploited

Web applications and APIs are popular targets for hackers, who make use of flaws and misconfigurations to extract valuable data.

Verizon’s Data Breach Investigation Report (DBIR) found that web apps were used in 80% of security incidents and 60% of breaches in 2023, and now a report from Barracuda claims to have dealt with 18 billion attacks on web apps last year, with over a billion in December alone.

It claims that many carry vulnerabilities or configuration errors, and since they often contain information that is confidential to businesses, such as personal and financial data, they make for prime attack targets.

Popular targets

Barracuda also found that 40% of IT professionals believe attacks on web apps to be one of the most lucrative for cybercriminals, while 55% thought the same of attacks on APIs.

Web applications include popular productivity tools such as Google Workspace and Microsoft 365, which allow users to work and collaborate on documents from anywhere via their web browser alone.

Barracuda found that most attacks on web applications targeted security misconfigurations (30%). The second most popular attack type was code injections (21%). These include not just SQL injections, but also Log4Shell and LDAP injections. LDAP is used in privilege management, such as supporting Single Sign-On (SSO) for applications.

Bot attacks on web apps were also popular last year, with most (53%) being used for volumetric Distributed Denial of Service (DDoS) attacks. These are attacks that make use of IoT devices, and “flood the target with data packets to use up bandwidth and resources.” Barracuda points out that “such attacks can be used as a cover for a more serious and targeted attack against the network.”

As for vulnerabilities in web apps, Barracuda believes that the ProxyShell flaws originating from 2021 are still being exploited frequently, leading to high-value breaches and even ransomware.

Barracuda claims that “attackers will often target old vulnerabilities that security teams have forgotten about,” and that “multiple layers” of security are needed to secure web apps and APIs.

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.
