Akamai Technologies released a new State of the Internet (SOTI) report highlighting how increased demand for APIs and applications has made them prime targets for cyber threats. The report, "Digital Fortresses Under Siege: Threats to Modern Application Architectures," reveals that Akamai observed over 26 billion web attacks globally against APIs and apps in June 2024 alone. The Asia-Pacific and Japan (APJ) region experienced a 65% surge in attacks over the past year, particularly affecting financial services and commerce organizations.
The increase in attacks is linked to organizations rapidly deploying apps to enhance customer experience and drive business growth, which has expanded the attack surface and exposed vulnerabilities such as poor coding and design flaws in web apps. The growing API economy also provides cyber criminals more opportunities to exploit vulnerabilities and abuse business logic.
Securing APIs and Applications in APJ: Navigating Threats, Regulations, and Emerging Trends
From Q1 2023 to Q1 2024, the APJ region experienced a significant increase in web attacks against APIs and applications, reaching 4.8 billion in June 2024. The financial services and commerce sectors were the most affected.
API abuse remains a concern for businesses that rely on these gateways for access to their services. The report highlights that API attacks include data breaches, unauthorized access, and Distributed Denial-of-Service (DDoS) attacks.
Layer 7 DDoS Attacks and Political Elections
Layer 7 DDoS attacks in the APJ region increased five-fold over the past year, totaling 5.1 trillion attacks. These attacks overload websites and services with requests, aiming to slow them down or render them inaccessible. Hacktivists often use these attacks to disrupt political events, such as elections, by targeting social media platforms. This can affect voter turnout and public perception of the electoral process.
Key Findings
1. From Q1 2023 to Q1 2024, web attacks in the APJ region grew by 65%. Australia (14.6 billion), India (12.0 billion), and Singapore (10.7 billion) were the most affected, followed by China (4.3 billion), Japan (4.0 billion), New Zealand (2.1 billion), South Korea (1.6 billion), and Hong Kong SAR (1.5 billion).
2. From April 2023 to February 2024, Layer 7 DDoS attacks against the social media industry increased consistently. The APJ region ranked second to North America in web application threats. Singapore experienced the highest number of attacks at 2.9 trillion, followed by India (959 billion), South Korea (544 billion), Indonesia (260 billion), China (188 billion), Japan (83 billion), Australia (74 billion), and Taiwan (50 billion).
3. High technology, commerce, and social media were the top three industries targeted by Layer 7 DDoS attacks, with more than 11 trillion attacks globally in 18 months. The APJ region saw a five-fold increase, totaling 5.1 trillion attacks during the same period.
4. DDoS attacks targeted traffic across all ports and protocols in both infrastructure and application layers. The Domain Name System (DNS) was involved in nearly 60% of DDoS attack events.
5. The commerce industry faced the most API and web application attacks, more than double the number of attacks on any other sector. The financial services and commerce sectors reported the most web attacks in the APJ region.
6. Common attack vectors targeting business applications and APIs include Local File Inclusion (LFI), Cross-Site Scripting (XSS), SQL injection (SQLi), Command injection (CMDi), and Server-Side Request Forgery (SSRF).
“The APJ region frequently experiences web attacks targeting APIs and applications, a trend exacerbated by its rapidly digitizing economies. As businesses move operations online more rapidly to meet time-to-market pressures, development and security resources are further strained, often resulting in overlooked security processes. It is therefore extremely important to establish a robust set of best practices to enhance security and resilience in this environment, especially given the high concentration of web attacks observed,” said Reuben Koh, Director of Security Technology & Strategy, APJ, Akamai Technologies.
“Successful attacks against applications and APIs are becoming more common and they can impact an organization’s revenue and reputation,” said Rupesh Chokshi, Senior Vice President and General Manager, Application Security at Akamai. “Digital Fortresses Under Siege: Threats to Modern Application Architectures offers a deep analysis of how attackers target apps and APIs as well as strategies to prevent these dangerous incursions.”