2021 API Attacks by Protocol Surface: How Often Attackers Targeted REST, GraphQL, gRPC, and Legacy APIs

Ivan Novikov, CEO, Wallarm Inc

It’s 2021 and cybercriminals are everywhere. If you came through the 445 million cyberattacks recorded in 2020 unscathed, congratulations. But there is no room to relax: 2021 is set to bring a further surge in cybercrime.

According to recent Hackmageddon data, 160 cyberattacks were recorded in January 2020 versus 183 in January 2021, an increase of about 14%. So if you have loosened your security belt, tighten it now and read on.

In this post we present our research on how often REST, GraphQL, gRPC, and legacy (SOAP/XML-RPC) APIs were targeted by attackers.

How often did attackers target REST, GraphQL, gRPC, and legacy APIs in 2021?

API adoption is at an all-time high, and APIs drive much of the modern web. The accompanying rise in risk forces API developers to stay alert and leave no stone unturned in strengthening API security.

Below are attack statistics for REST, GraphQL, gRPC and legacy APIs in 2021, as observed by the Wallarm firewall across a limited set of customers:

Attacks Targeting REST API

As the Wallarm study confirms, REST is the most widely used API style and the first choice of many developers; more and more applications are built on REST APIs. That is also why it was the first choice of attackers in 2021.

Across the systems in this study, around 1.9M attacks targeted REST APIs so far. Of these, 16.34K were Cross-Site Scripting (XSS), 162.93K were SQL injection, 645.84K were remote code execution (RCE) attempts, 1.04M were path traversal, and 12.71K were NoSQL injection.

Additionally, 1.08M miscellaneous attacks were recorded that could not be attributed to a specific category or source.

Attacks Targeting SOAP/XMLRPC

SOAP and XML-RPC are the two main legacy API protocols. Briefly, SOAP exchanges whole XML documents wrapped in an envelope, while XML-RPC encodes individual procedure calls and their parameter values in XML. Both remain significant targets for attackers.

A total of 2.76 million attacks on SOAP/XML-RPC endpoints were recorded across the Wallarm user base selected for this study. Of them, 29.1K were XSS attacks and 12.72K used SQL injection; 1.31M were RCE attempts and 641.02K were path traversal (Ptrav) attacks.

Attacks Targeting GraphQL

Anyone involved in API development knows GraphQL, one of the most popular open-source query languages for APIs. It lets a client ask for exactly the data it needs in a single query. Its growing adoption also makes it an attractive target for attackers.

Around 451.63K attacks on GraphQL APIs were recorded in the Wallarm data for the selected set of users. 395.96K used XSS and 10.51K used SQL injection; RCE, a very common technique, accounted for 43.35K GraphQL attacks, and 1.81K were of other types.

Attacks Targeting gRPC

gRPC is a widely used RPC framework for efficient service-to-service data transfer, typically over HTTP/2 with Protocol Buffers. With it, a program running in one location can call a function of a different program running elsewhere on the network and pass it data for processing, much as if it were a local call.

This framework plays a key role in modern API development, so attackers have begun to target it as well. However, the study does not yet have enough gRPC data to report figures.

This API attack data released by Wallarm should alarm everyone involved in API development and API security. There is constant demand for API security best practices that catch vulnerabilities at an early stage and prevent serious damage.

Below are the practices we recommend.

Early and timely vulnerability identification

API vulnerabilities, whatever their kind and whenever they appear, cause serious trouble if they are not handled early. Spotting them is tedious, since they can sit in application logic and affect the whole API lifecycle.

Despite these hurdles, take a proactive approach and find them as early as possible. Keep in mind that vulnerability identification must cover both internal and external APIs.

Try protecting the data as much as possible

Even if you watch for API vulnerabilities closely and do your best to keep them out, an attacker can still outsmart you and break in. That is why it is wise to protect the data itself, so that even if a vulnerability in the API infrastructure is exploited, no serious damage results.

Encryption is the main way to achieve this. REST APIs run over HTTP, so Transport Layer Security (TLS), the most widely used protocol for encrypting data in transit, is the natural choice. TLS encrypts traffic between client and server and authenticates the server (and, with mutual TLS, the client) through certificates, so an attacker on the network cannot read or modify requests and responses. Note that TLS protects data only in transit; data the API stores still needs its own encryption and access controls. For personal data, this protection is essential.
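As an added illustration (not Wallarm's own code), the Python snippet below places the weak client-side TLS configuration that many API clients end up with next to a hardened one, and adds a small audit function. It uses only the standard library `ssl` module; the rule set in `audit_context` and the function names are this example's own assumptions, not a published baseline.

```python
"""Client-side TLS settings: the weak configuration beside the hardened one.

Added example, not Wallarm code. Uses only the standard ssl module; the
audit rules below are this example's own, not a published baseline.
"""
import ssl
from typing import List, Optional


def insecure_client_context() -> ssl.SSLContext:
    """The 'just make the certificate error go away' configuration."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # accepts a certificate issued for any name
    ctx.verify_mode = ssl.CERT_NONE   # accepts any certificate at all: trivial MITM
    # lets the peer negotiate down to whatever the OpenSSL build still allows
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_client_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Verify the server certificate and hostname, and require TLS 1.2 or newer."""
    # create_default_context() enables check_hostname and CERT_REQUIRED
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return findings for settings that defeat transport protection."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS 1.0/1.1 still negotiable")
    return findings


def minimum_version_name(ctx: ssl.SSLContext) -> str:
    """Name of the lowest TLS version the context will negotiate."""
    return ctx.minimum_version.name


if __name__ == "__main__":
    print("insecure:", audit_context(insecure_client_context()))
    print("hardened:", audit_context(hardened_client_context()))
```

The audit function is the kind of check worth running in a test suite against every `SSLContext` your client code builds, since a `verify_mode = CERT_NONE` added during debugging tends to survive into production.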

Make all the communication authenticated

A great deal of API communication is secured with API keys. An API key identifies the calling application and authorizes its access to data; keys are most commonly used to block traffic from unwanted sources and to monitor the calls made to the APIs.

If an attacker obtains and misuses such a key, they can act as that client against the entire API infrastructure.

So authenticating this communication is imperative. Pair long-lived API keys with short-lived access tokens derived from a server-side secret: a token is issued for a limited time and only to callers who present valid credentials. This limits the damage from exposure of the information tied to an API key.
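The following Python example, added here and not taken from Wallarm, shows one way to implement this: API keys are stored only as hashes, a valid key is exchanged for a short-lived HMAC-signed token, and verification rejects expired or tampered tokens. The function names, the 300-second default lifetime and the in-memory key store are this example's assumptions.

```python
"""Short-lived, HMAC-signed access tokens issued in exchange for API keys.

Added example (not Wallarm code). The signing secret, in-memory key store
and function names are assumptions made for illustration.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Server-side signing secret; in production load it from a secret manager.
SIGNING_SECRET = secrets.token_bytes(32)

# API keys are stored only as SHA-256 digests, so a leaked database does
# not hand out usable credentials. Constructed in-memory store.
API_KEY_STORE = {}  # key_id -> hex digest of the secret part


def register_api_key(key_id: str) -> str:
    """Create a key, store its hash, and return the plaintext exactly once."""
    secret_part = secrets.token_urlsafe(32)
    API_KEY_STORE[key_id] = hashlib.sha256(secret_part.encode()).hexdigest()
    return f"{key_id}.{secret_part}"


def check_api_key(presented: str) -> Optional[str]:
    """Return the key_id if the presented key matches a stored hash."""
    key_id, _, secret_part = presented.partition(".")
    stored = API_KEY_STORE.get(key_id)
    if stored is None:
        return None
    digest = hashlib.sha256(secret_part.encode()).hexdigest()
    # compare_digest keeps a wrong guess from leaking how many bytes matched
    return key_id if hmac.compare_digest(digest, stored) else None


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(api_key: str, ttl_seconds: int = 300,
                now: Optional[float] = None) -> Optional[str]:
    """Exchange a valid API key for a token that expires after ttl_seconds."""
    key_id = check_api_key(api_key)
    if key_id is None:
        return None
    now = time.time() if now is None else now
    claims = {"sub": key_id, "exp": int(now) + ttl_seconds,
              "nonce": secrets.token_hex(8)}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SIGNING_SECRET, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the signature is valid and the token is unexpired."""
    try:
        body, sig_text = token.split(".")
        expected = hmac.new(SIGNING_SECRET, body.encode(), hashlib.sha256).digest()
        # check the MAC before parsing anything the client controls
        if not hmac.compare_digest(expected, _unb64(sig_text)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return None
    return claims


if __name__ == "__main__":
    key = register_api_key("svc-billing")
    token = issue_token(key, ttl_seconds=60)
    print("valid now:", verify_token(token))
    print("valid in 2 minutes:", verify_token(token, now=time.time() + 120))
```

Because the token carries its own expiry and is bound to the signing secret, a stolen token is useful only for minutes rather than for the lifetime of the API key, and the key itself is never sent on every request.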

Monitor APIs regularly

Prevention is better than cure, so keep an eye on API activity at every stage. Record all inbound and outbound API traffic and its consumption, and review it for the attack patterns described above.
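As an added example (not Wallarm's detection engine), the Python script below runs coarse indicator rules for the attack classes reported in the statistics above (path traversal, SQL injection, XSS, RCE, NoSQL injection) over constructed request log lines and buckets the hits by protocol family (REST, GraphQL, SOAP/XML-RPC, gRPC), the way the report does. The log format, the regexes, the sample traffic and all hostnames and paths are this example's own assumptions; a real WAF parses bodies and headers and uses far more sophisticated rules.

```python
"""Classify API request log lines into the attack classes used above.

Added example, not Wallarm's detection engine: a few indicator regexes
(much coarser than a real WAF) run over constructed sample log lines in an
Apache-style format extended with a trailing Content-Type field.
"""
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample traffic; addresses, paths and service names are made up.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [03/Mar/2021:10:15:01 +0000] "GET /api/v1/files?name=../../../etc/passwd HTTP/1.1" 403 0 "application/json"',
    '10.0.0.5 - - [03/Mar/2021:10:15:02 +0000] "GET /api/v1/users?id=1%27%20OR%201=1-- HTTP/1.1" 403 0 "application/json"',
    '10.0.0.6 - - [03/Mar/2021:10:15:03 +0000] "GET /api/v1/search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 403 0 "application/json"',
    '10.0.0.6 - - [03/Mar/2021:10:15:04 +0000] "GET /api/v1/ping?host=127.0.0.1;cat%20/etc/passwd HTTP/1.1" 403 0 "application/json"',
    '10.0.0.7 - - [03/Mar/2021:10:15:05 +0000] "GET /api/v1/login?user=admin&password[%24ne]=x HTTP/1.1" 403 0 "application/json"',
    '10.0.0.8 - - [03/Mar/2021:10:15:06 +0000] "GET /api/v1/users/42 HTTP/1.1" 200 512 "application/json"',
    '10.0.0.9 - - [03/Mar/2021:10:15:07 +0000] "POST /graphql?query=%7Buser(name:%22%3Cimg%20onerror=alert(1)%3E%22)%7D HTTP/1.1" 403 0 "application/json"',
    '10.0.0.9 - - [03/Mar/2021:10:15:08 +0000] "POST /xmlrpc.php?x=%24%28id%29 HTTP/1.1" 403 0 "text/xml"',
    '10.0.0.10 - - [03/Mar/2021:10:15:09 +0000] "GET /ws/soap/Download?file=..%2F..%2Fweb.config HTTP/1.1" 403 0 "text/xml"',
    '10.0.0.11 - - [03/Mar/2021:10:15:10 +0000] "POST /billing.Invoices/Get HTTP/2.0" 200 64 "application/grpc"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+ "(?P<ctype>[^"]*)"$'
)

# Indicator rules, checked in order; the first hit names the class.
RULES = [
    ("ptrav", re.compile(r"\.\.[/\\]", re.I)),
    ("sqli", re.compile(r"'\s*(or|and)\s+|union\s+select|;\s*drop\s+table|sleep\(", re.I)),
    ("xss", re.compile(r"<script|javascript:|on(error|load|click)\s*=", re.I)),
    ("rce", re.compile(r";\s*(cat|ls|id|wget|curl|bash|sh)\b|\$\(|`[^`]+`|/bin/(ba)?sh", re.I)),
    ("nosqli", re.compile(r"\$(ne|gt|lt|where|regex)\b", re.I)),
]


def normalize(target: str) -> str:
    """Decode twice so double-encoded payloads (%252e%252e%252f) are caught too."""
    return unquote_plus(unquote_plus(target))


def classify_request(target: str) -> str:
    """Return the attack class of a request target, or 'clean'."""
    text = normalize(target)
    for name, pattern in RULES:
        if pattern.search(text):
            return name
    return "clean"


def classify_protocol(target: str, ctype: str) -> str:
    """Bucket a request into the protocol families used in the statistics."""
    path = target.split("?", 1)[0].lower()
    ctype = ctype.lower()
    if path.endswith("/graphql"):
        return "graphql"
    if "application/grpc" in ctype:
        return "grpc"
    if "xml" in ctype or "xmlrpc" in path or "/soap/" in path:
        return "soap_xmlrpc"
    return "rest"


def summarize(lines):
    """Count requests per protocol family and attack class."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.match(line)
        if not m:  # count unparsable lines instead of silently dropping them
            counts["unparsed"]["unparsed"] += 1
            continue
        proto = classify_protocol(m["target"], m["ctype"])
        counts[proto][classify_request(m["target"])] += 1
    return {proto: dict(by_class) for proto, by_class in counts.items()}


if __name__ == "__main__":
    for proto, by_class in sorted(summarize(SAMPLE_LOG_LINES).items()):
        print(proto, by_class)
```

Two details matter more than the regexes themselves: decoding before matching (an attacker who double-encodes `../` gets past rules applied to the raw URL), and counting lines the parser cannot read, since a gap in the logs is itself a signal worth investigating.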

Ending Notes

Today you cannot simply assert that your API is secure.

You need penetration tests to check the actual level of protection of your APIs. You can hire a penetration testing team or simulate API threats yourself with open-source tools; see our guide “How to hack API in 60 minutes”.