A recent report by Cequence Security analyzed API security. The report is based on an analysis of API transactions over the second half of 2022.

The report covers tactics, techniques and procedures (TTPs) employed by threat actors targeting consumer-facing, business-to-business (B2B) and machine-to-machine APIs. 

Key findings include:

  • In the second half of 2022 alone, approximately 45 billion search attempts were made for shadow APIs, marking a 900% increase from the 5 billion attempts made in the first half of 2022.
  • There was a 550% increase in the number of unique TTPs employed by attackers, rising from approximately 2,000 in June to a staggering 11,000 towards the end of 2022.
  • From June 2022 to October 2022, attackers favored traditional application security tactics; however, as the holidays approached, there was a 220% surge in API security tactics.
  • Most re-tool attempts in the telecom industry were entirely new TTPs, which shows that the threat tactics in use are diverse, sophisticated and persistent.