Akamai Technologies, Inc. , the cloud company that powers and protects life online, released a new State of the Internet report that shows how growth in demand for APIs and applications has transformed them into lucrative targets for threat actors. In Digital Fortresses Under Siege: Threats to Modern Application Architectures, Akamai notes that it observed more than 26 billion web attacks globally against APIs and Apps in June 2024 alone, with attacks surging by 65% over the last year in the Asia-Pacific and Japan region resulting in vulnerability of organizations in particular financial services and commerce sectors.
This surge in attacks is a result of organizations rushing to deploy apps for enhancing customer experience and business growth. This rapid deployment expands the attack surface, exposing vulnerabilities like poor coding and design flaws in web apps. Additionally, the rapid API economy growth also gives cybercriminals more opportunities for exploiting vulnerabilities and abusing business logic.
Securing APIs and Applications in APJ: Navigating Threats, Regulations, and Emerging Trends
From Q1 2023 to Q1 2024, the APJ region experienced a surge in web attacks against APIs and applications, peaking at 4.8 billion attacks in June 2024. Across industries, the financial services and commerce sectors experienced the most web attacks in the region.
API abuse in particular is a growing concern for businesses that increasingly rely on these gateways to provide access to their capabilities and services. The report notes that API attacks can occur in various forms, including data breaches, unauthorized access, and Distributed Denial-of-Service attacks.
Emerging Threat: Layer 7 DDoS Attacks and their Impact on Political Elections through Social Media
In the APJ region, Layer 7 DDoS attacks, which target the application layer of websites and online services, increased five-fold over the past year, totaling 5.1 trillion attacks during this period. These attacks overload websites and services by flooding them with requests, aiming to slow them down or render them inaccessible.
Hacktivists frequently employ this type of attack to disrupt significant political events, such as elections, and to manipulate voter sentiment via social media platforms. They typically flood key social media platforms with a massive volume of seemingly legitimate web requests which overload these servers, hindering access to candidate information, voter registration portals, and even election results updates. This has a direct influence on voter turnout or public perception of the electoral process.
The APJ region is set to witness multiple elections this year, presenting a significant target for hacktivists who may employ this strategy to disrupt these crucial democratic processes through social media platforms and election-related websites. Governments and businesses need to enhance their cybersecurity measures to safeguard against such threats by taking proactive measures such as deploying robust DDoS mitigation technologies, ensuring redundancy in critical infrastructure, and educating the public about potential cyber threats.
“The APJ region frequently experiences web attacks targeting APIs and applications, a trend exacerbated by its rapidly digitizing economies. As businesses move operations online more rapidly to meet time-to-market pressures, development and security resources are further strained, often resulting in overlooked security processes. It is therefore extremely important to establish a robust set of best practices to enhance security and resilience in this environment, especially given the high concentration of web attacks observed,” said Reuben Koh, Director of Security Technology & Strategy, APJ, Akamai Technologies.
“Successful attacks against applications and APIs are becoming more common and they can impact an organization’s revenue and reputation,” said Rupesh Chokshi, Senior Vice President and General Manager, Application Security at Akamai. Digital Fortresses Under Siege: Threats to Modern Application Architectures offers a deep analysis of how attackers target apps and APIs as well as strategies to prevent these dangerous incursions.”
Digital Fortresses Under Siege: Threats to Modern Application Architectures, includes a security spotlight offering advice on mobile app user agreements. It also features snapshots for the Europe, Middle East and Africa and Asian Pacific and Japan regions which provide data and case studies particular to those areas.
This year marks the 10th anniversary of Akamai’s State of the Internet reports. The SOTI series provides expert insights on the cybersecurity and web performance landscapes, based on data gathered from Akamai Connected Cloud