loading...

Online shopping platforms are the top targets for API attacks

Online shopping platforms are the top targets for API attacks

Print Print Email Email

The growing digitalization has also resulted in a dramatic surge in the number of cyberattacks faced by e-commerce platforms. Over the last few years, the volume of attacks against online shopping platforms has increased significantly, as attackers are able to exploit different web applications. According to data from Akamai Technologies, one of the leading global API security providers, the e-commerce industry has been hit with 14 billion attacks over the last 15 months, leading to June 2023.

This data clearly indicates that e-commerce platforms are the top targets for API attacks in 2023. The data also revealed that retail, hotel, and travel firms are among the top thirteen industries targeted by intruders. These industries suffered 14.5 billion attacks or more than a third of all the cyberattacks studied by Akamai Technologies.

The rush to release web applications and application programming interfaces (APIs) to drive business growth during the global pandemic is the major factor behind the significant upsurge in attacks faced by e-commerce platforms over the last two years. With no proper API auditing and bug fixing, attackers have taken advantage of poor coding, security gaps, and design flaws to access personal and confidential information from e-commerce platforms.

  • Honda’s e-commerce platform was also vulnerable to unauthorized access due to flawed APIs, which allowed password reset for any account. The security gap in the e-commerce platform was discovered by Eaton Zveare, the security researcher who also breached Toyota’s supplier model, leveraging similar vulnerabilities.
  • In the case of Honda, the researcher exploited password reset API to reset the credentials of valuable accounts and then gain unrestricted admin-level data access on the firm's network. The unrestricted access revealed more than 20,000 customer orders across all dealers from August 2016 to March 2023. Furthermore, the email ids of thousands of dealers and customers also became vulnerable.

This incident further showcases how vulnerable e-commerce platforms have become due to their behavior of responding to customer needs and demands without proper API audits. With such APIs ranging from hundreds to thousands in numbers, more such incidents are expected to emerge going forward. As a result, it is critical for e-commerce platforms to increase their security budget and conduct a thorough audit of all the secured and unsecured APIs, which are critical for running business operations.

Over the last few quarters, the demand for API security platforms and tools has increased significantly among businesses across all industries. To meet the growing demand and further strengthen their position in the global market, API security providers are entering into mergers and acquisition deals.

  • Akamai Technologies, for instance, acquired another API security firm Neosec in April 2023. The API security solution offered by Neosec will complement the API security portfolio of Akamai Technologies. The acquisition, which is expected to close in Q2 2023, further extends Akamai Technologies' visibility in the fast-growing API threat landscape.

In H1 2023, a number of mergers and acquisition deals have been announced in the global API security market. IBM, for instance, announced the acquisition of Israel-based application security startup Polar Security in May 2023. In another acquisition deal, Zscaler announced the acquisition of Canonic Security, another Israel-based application security platform provider. These acquisition deals will enable IBM and Zscaler to strengthen their product offerings in the API security segment.

Going forward, TechInsight360 expects the trend of mergers and acquisition deals to further continue in the global market. Furthermore, innovative startups in the segment are also expected to raise funding rounds in H2 2023 and H1 2024, as the demand for API security tools and platforms continues to surge worldwide. The growth funding rounds are expected to drive the competitive landscape in the sector, while also players to expand their international presence. All of these factors indicate that the API security industry is poised for an accelerated growth trajectory over the next three to four years.

Featured Research

TechInsight360’s reports combine detailed view on market opportunity, best practices, emerging business models, and market innovation to help clients identify unique opportunities.

View Point
Brazil NFT Market Intelligence and Future Growth Dynamics Databook
Learn more
View Point
China NFT Market Intelligence and Future Growth Dynamics Databook
Learn more
View Point
Germany NFT Market Intelligence and Future Growth Dynamics Databook
Learn more
View Point
India NFT Market Intelligence and Future Growth Dynamics Databook
Learn more
View Point
Indonesia NFT Market Intelligence and Future Growth Dynamics Databook
Learn more
View Point
Mexico NFT Market Intelligence and Future Growth Dynamics Databook
Learn more
View Point
United States NFT Market Intelligence and Future Growth Dynamics Databook
Learn more
View Point
Asia Pacific NFT Market Intelligence and Future Growth Dynamics Databook
Learn more
View Point
Europe NFT Market Intelligence and Future Growth Dynamics Databook
Learn more
View Point
Global NFT Market Intelligence and Future Growth Dynamics Databook
Learn more
Tech Insight360