Akamai report reveals 65% rise in API & app attacks in APJ
A recent report from Akamai Technologies highlights a substantial increase in web attacks targeting APIs and applications in the Asia-Pacific and Japan (APJ) region. According to the "Digital Fortresses Under Siege: Threats to Modern Application Architectures" report, these attacks rose by 65% from the first quarter of 2023 through the first quarter of 2024, reaching an 18-month high. This surge has significantly impacted countries across APJ, with Australia experiencing 14.6 billion attacks, India 12 billion, and Singapore 10.7 billion.
The report underscores the escalating threat landscape in the region, driven by the growing demand for APIs and applications. Akamai reported over 26 billion API and application attacks globally in June 2024 alone. This growth is attributed to organisations rapidly deploying applications to enhance customer experiences and drive business growth. However, this expansion has inadvertently increased the attack surface, exposing vulnerabilities such as poor coding practices and design flaws in web applications. The rapid growth of the API economy has further provided cybercriminals with more opportunities to exploit these weaknesses and misuse business logic.
During the period from Q1 2023 to Q1 2024, web attacks on APIs and applications in APJ peaked at 4.8 billion in June 2024. The financial services and commerce sectors bore the brunt of these attacks in the region. API abuse has become a significant concern for businesses that rely on these gateways to deliver their services. These attacks can take various forms, including data breaches, unauthorised access, and Distributed Denial-of-Service (DDoS) attacks.
The report also highlights a five-fold increase in Layer 7 DDoS attacks within APJ, totalling 5.1 trillion over the past year. These attacks target the application layer of websites and online services, overwhelming them with requests to slow them down or make them inaccessible. Such attacks are often utilised by hacktivists to disrupt political events, including elections, by flooding social media platforms with high volumes of legitimate-seeming requests. This tactic can hinder access to vital information, disrupt voter registration portals, and even delay the reporting of election results, impacting voter turnout and public perception of the electoral process.
Multiple elections scheduled in the APJ region this year present significant targets for such cyberattacks. Governments and businesses are urged to bolster their cybersecurity measures by deploying robust DDoS mitigation technologies, ensuring redundancy in critical infrastructure, and educating the public about potential cyber threats.
Additional findings from the report include:
- Australia faced 14.6 billion web and API attacks during the reviewed period, followed by India with 12 billion and Singapore with 10.7 billion.
- From April 2023 to February 2024, the APJ region recorded the second-highest number of web application threats globally, behind only North America. Within the region, Singapore had the highest concentration of attacks at 2.9 trillion.
- High technology, commerce, and social media were the top three targeted industries in Layer 7 DDoS attacks, with over 11 trillion attacks globally within 18 months. The APJ region alone faced 5.1 trillion of these attacks.
- DDoS attacks affected multiple layers of traffic through various ports and protocols, including the Domain Name System (DNS), which was involved in almost 60% of DDoS events.
- The commerce industry experienced the highest number of API and web application attacks, with more than double the number of attacks seen in other sectors, including high technology.
Reuben Koh, Director of Security Technology & Strategy at Akamai Technologies APJ, emphasised the importance of robust security measures in response to the findings. "The APJ region frequently experiences web attacks targeting APIs and applications, a trend exacerbated by its rapidly digitising economies. As businesses move operations online more rapidly to meet time-to-market pressures, development and security resources are further strained, often resulting in overlooked security processes. It is therefore extremely important to establish a robust set of best practices to enhance security and resilience in this environment," Koh stated.
Rupesh Chokshi, Senior Vice President and General Manager, Application Security at Akamai, added, "Successful attacks against applications and APIs are becoming more common and they can impact an organisation's revenue and reputation." He further mentioned that the report offers a detailed analysis of attack strategies and preventive measures.