Commercial Sector: Key Target of Cyberattacks on APIs

The commercial sector remains the top target for cyberattacks on web applications and APIs, according to Akamai’s latest State of the Industry (SoTI) report. With over 14 billion attacks recorded worldwide, this industry faces an increasing threat, likely exacerbated by the ongoing digitization of companies and the inherent vulnerabilities present in general web applications.

"Instead of targeting large organizations, hackers are currently attacking customers with a series of sophisticated attacks, such as account takeovers and credential stuffing, to access user information and use their personal accounts for fraudulent transactions," says Hugo Werner, Regional Vice President for LATAM, Akamai. The company’s security research indicates that over 30% of phishing campaigns are directed at commerce customers.

Despite not being as heavily regulated as the financial or healthcare industries, the commerce industry demands an equivalent level of cybersecurity measures. According to Akamai’s report, commerce remains as the most-targeted industry, accounting for 34% of attacks observed by the company. Of those, retail accounts 62% of the attacks suffered in the commerce sector. A significant factor contributing to this vulnerability is that half of the JavaScript used in vertical commerce originates from third-party vendors, amplifying the risk of client-side cyberattacks, reports Akamai.

As the business landscape rapidly digitizes, it comes as no surprise that the commercial sector has become an attractive target for cybercriminals. The attacks against commerce approached 205 million between January 2022 and March 2023 in Latin America. Akamai´s results highlight that local File Inclusion (LFI) attacks increased by 314% between September 2021 and December 2022, showing a hacking trend leaning toward remote code execution (RCE), as well as attackers leveraging LFI to gain unauthorized access and extract valuable data.

Akamai also found that the use of malicious bots has generated over 5 trillion cyberattacks within a 15-month period, exacerbating fraud and other malicious attempts. Cybercriminal bot activity tends to escalate during the holiday shopping season, warranting heightened vigilance from businesses. However, even seemingly benevolent bots impact customer experience negatively by slowing down website performance.

The escalating frequency of attacks underscores the urgency for businesses to prioritize robust cybersecurity protocols to safeguard their operations and protect their customers' valuable data. While Mexico waits for an efficient Cybersecurity Law, organizations and businesses around the country should consider adapting their cybersecurity approach by updating its digital solutions, applying efficient penetration tests and constantly training software developers on the best cybersecurity practices on the market.