APJ region sees 73% surge in web & API attacks in 2024
The report, titled 'State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain', identified a 73% year-over-year increase in web application attacks in APJ, representing the highest percentage increase globally.
According to Akamai, the APJ region experienced 51 billion web application attacks in 2024, up from 29 billion in 2023. The report attributed this sharp rise to the widespread adoption of artificial intelligence (AI), which, while enhancing threat detection, has also introduced new challenges through expanding attack surfaces and increasing attack complexity.
Australia was the most targeted country in APJ, facing 20.3 billion web and API attacks, followed by India with 17.3 billion and Singapore with 15.9 billion. Japan, China, South Korea, New Zealand, and Hong Kong SAR also experienced substantial attack volumes, ranging from 6.3 billion to 2.2 billion incidents.
Across APJ, financial services bore the brunt of the attacks, with over 27 billion web attacks, correlating with the sector's rapid integration of emerging technologies such as AI. Commerce was the second most targeted industry, accounting for more than 18 billion attacks.
Globally, the number of web and API attacks reached 311 billion in 2024, marking a 33% increase compared to the previous year. The report highlighted the growing threat to APIs as cyber attackers exploit authentication gaps and automate their attacks. Akamai identified 150 billion API attacks globally from January 2023 through December 2024, with AI-powered APIs noted as particularly vulnerable due to their accessibility and common lack of adequate authentication.
The study also documented a substantial rise in distributed denial of service (DDoS) attacks at the application layer (Layer 7).
Globally, Layer 7 DDoS attacks increased by 94%, reaching 7 trillion attacks, with the high-technology sector being most affected. The monthly volume of these attacks doubled from just over 500 billion in early 2023 to over 1.1 trillion by the end of 2024. HTTP flood attacks remained the predominant threat in this category.
Within APJ, Layer 7 DDoS attacks grew by 66% year-over-year, making it the second most targeted region worldwide. The region saw a total of 7.4 trillion attacks in this category over the two years, peaking at 504 billion in December 2024. Singapore recorded the highest number within APJ at 4.7 trillion attacks, with India and South Korea following at 1.1 trillion and 607 billion, respectively. Digital media platforms and commerce were the sectors most impacted in the region.
On a broader scale, the report identified over 230 billion web attacks globally targeting commerce organisations—almost three times the impact experienced by the high technology sector, the second most targeted industry. Security incidents related to the OWASP API Top 10 increased by 32%, revealing persistent issues with authentication and authorisation flaws. Additionally, security alerts referencing the MITRE framework rose by 30% as attackers adopted more advanced, automated, and AI-driven strategies.
Shadow and zombie APIs were identified as notable risk factors due to their prevalence in complex API ecosystems.
Reuben Koh, Director of Security Technology and Strategy at Akamai Technologies APJ, commented on the implications of the findings. "The surge in web and API attacks across APJ reflects more than just the region's rapid digital adoption, it also underscores the urgent need for cybersecurity to evolve rapidly with the growing integration of AI into enterprise ecosystems. As threat actors escalate their attacks in both scale and sophistication, security strategies must thus adapt accordingly," he said. "This SOTI report will also dive into practical mitigation strategies on how organisations can better protect themselves against evolving threats."
The report also addressed the regulatory response to surging web and API attacks, noting stricter compliance requirements across the region.
Countries such as Singapore, Japan, India, and Australia have enacted or expanded legislation to increase cybersecurity oversight, including the introduction of the Cybersecurity Act 2024 in Australia and revisions to existing frameworks in other markets.
As regulatory enforcement intensifies and compliance deadlines approach, Akamai advised organisations to adopt a shift-left security approach, enhance API governance, and deploy AI-powered defences to safeguard against evolving threats.
Akamai's State of the Internet report series is now in its eleventh year, delivering insights into cybersecurity trends and web performance based on data from infrastructure responsible for processing a substantial proportion of global web traffic.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
24-06-2025
- Techday NZ
Akamai tool disrupts cryptominer botnets, cutting USD $38K
Akamai has released research outlining methods to disrupt cryptominer botnets, including the successful takedown of a large-scale operation that had been active for six years. Research findings The report details two new techniques that allow defenders to forcefully disable malicious cryptomining activities at scale. According to Akamai's researchers, exploiting "bad shares" can result in the banning of malicious mining proxies from cryptocurrency mining pools, causing the botnet's hashrate—the rate at which mining calculations are performed—to plummet from millions to zero almost instantly. One case study cited involved the identification and dismantling of a botnet that was generating 3.3 million hashes per second. By employing this method, Akamai's team cut off the attackers' estimated USD $26,000 in annual revenue. This was achieved by targeting a central point of failure in the botnet's infrastructure: the mining proxy, which was responsible for coordinating the activities of infected computers. The concept of bad shares The central premise of one of the techniques involves deliberately submitting invalid mining results, or "bad shares," to the mining pool via the compromised proxy. Mining pools typically validate submitted shares and penalise repeated invalid submissions by banning the associated source. As explained in the research report, "If we can make a back-end node or a pool to ban the attacker miners (a.k.a. victims), we can stop the resource exploitation of the cryptominer and essentially release the victims." When this method was applied to the targeted botnet, the mining proxy's hashrate fell from 3.3 million to zero, effectively terminating ongoing cryptomining on all connected victim machines and reducing their CPU usage significantly. XMRogue tool introduction To carry out these actions, Akamai developed a custom tool named XMRogue. This tool is designed to impersonate a miner, connect to a mining proxy, and submit consecutive bad shares, thereby causing the proxy to forward invalid results to the pool and triggering a ban. "XMRogue is a tool that enables us to impersonate a miner, connect to a mining proxy, submit consecutive bad shares, and eventually ban the mining proxy from the pool," the report states. One of the challenges addressed by XMRogue is the need to ensure that bad shares bypass the proxy's validation mechanisms and reach the pool for banning. The researchers detail how "crafting a custom share is relatively simple," provided that certain key values are extracted from the proxy's response messages to the miner. Testing and impact Testing with a real-world botnet, Akamai's team identified all associated mining proxies and targeted the most active one using XMRogue. The result was an immediate hashrate drop to zero for the proxy in question, and a substantial decrease in the botnet's overall revenue—from nearly USD $50,000 annually to USD $12,000, a 76% reduction. The research notes, "By targeting additional proxies, the revenue could have potentially dropped to zero." The team also observed that such an impact forces attackers to either completely reconfigure their infrastructure—which increases their risk of being discovered—or abandon the campaign altogether. Direct pool connections The report covers a second tactic for scenarios where victim machines are connected directly to public mining pools without intermediaries. In these cases, XMRogue can trigger the mining pool to temporarily ban a wallet address by sending more than 1,000 login requests simultaneously using that wallet. This measure is enforced by pools as an anti-abuse protection and can momentarily disrupt malicious mining. The researchers provided an example involving a smaller campaign leveraging the MoneroOcean pool. Initiating multiple logins with the attacker's wallet led to a rapid decline and eventual halt of the campaign's mining rate, though the effect was reversible once the technique was stopped. Defence implications Akamai's research notes that these techniques, which rely on the legitimate operational policies of mining pools, can shut down malicious cryptominer campaigns without affecting lawful miners. "A legitimate miner will be able to quickly recover from this type of attack, as they can easily modify their IP or wallet locally," say the researchers. For attackers running large botnets, however, reconfiguration would be far more complex and costly, offering defenders a practical way to impede cryptomining abuse at scale. Outlook on cryptomining threats Reflecting on the wider trend, Senior Security Researcher Maor Dahan stated, "We believe that the threat of cryptominers will continue to grow over time. But now we can fight back and disrupt the attacker's operation, making it much more challenging to monetize cryptominers effectively."
Otago Daily Times
17-06-2025
- Otago Daily Times
Govt to give itself power to override councils on housing
Housing and RMA Reform Minister Chris Bishop. Photo: RNZ The government will take back power from local councils if their decisions are going to negatively impact economic growth, development or employment. In a speech to business leaders at the Wellington Chamber of Commerce, Housing and RMA reform minister Chris Bishop has announced Cabinet will insert a new regulation power into the Resource Management Act. Before a minister can use the power they would have to investigate the provision in question, check whether it is consistent with the national direction under the RMA, and engage with the council. Bishop expected the power to only be necessary until the new planning system was in place, but said it was necessary when councils used their power to stop growth. Bishop on Wednesday released a discussion document on how proposed housing rule changes would work in with the government's resource management reforms. "Next year we'll replace the RMA with a new planning system that makes it easier to plan and deliver the housing and infrastructure New Zealand needs. "The new planning system is an enormous opportunity to create a planning system that enables and encourages housing growth," Bishop said. The document provided more details on six planned law changes: • The establishment of Housing Growth Targets for Tier 1 and 2 councils • New rules making it easier for cities to expand outwards at the urban fringe • A strengthening of the intensification provisions in the National Policy Statement on Urban Development (NPS-UD) • New rules requiring councils to enable a greater mixed-use zoning across cities. • The abolition of minimum floor area and balcony requirements • New provisions making the Medium Density Residential Standards optional for councils. Last month ministers released proposed sweeping changes to rules covering councils' oversight for public consultation. Under the proposed Resource Management Act changes, granny flats of up to 70sqm, and papakāinga of up to 10 homes would be allowed without a consent on specific land zones. Papakāinga would also allow commercial activities of up to 100sqm, conservation activity, accommodation for up to eight guests, along with education, health, sports, marae, urupā and māra kai papakāinga of up to 30 homes would be considered a "restricted discretionary" activity, with those of more than 30 units becoming "discretionary" activities.
Techday NZ
11-06-2025
- Techday NZ
APAC financial sector faces 245% surge in DDoS attacks, report finds
Financial institutions in the Asia-Pacific (APAC) region saw a 245% rise in volumetric Layer 3 and 4 distributed denial-of-service (DDoS) attacks last year, accounting for 38% of such incidents globally, according to a new joint report by FS-ISAC and Akamai. The report, titled From Nuisance to Strategic Threat: DDoS Attacks Against the Financial Sector, outlines the growing scale and persistence of DDoS attacks targeting APAC's financial sector. In 2023, APAC only accounted for 11% of these incidents, highlighting the extent of the increase. The analysis found that over 20 financial institutions across six countries were affected by sustained DDoS campaigns in the fourth quarter of 2024, creating downstream risk that could impact up to USD $8 trillion in value. These attacks were notable not for their size, but for their persistence and continuity, a trend not previously seen in APAC. The wave of attacks impacted multiple sectors, including retail banking, payment processing, investment banking, and financial governmental institutions. The report attributes a significant growth in application-level (Layer 7) attacks to the increasing use of application programming interfaces (APIs) within financial services. This expansion of digital infrastructure has introduced new vulnerabilities and a broader attack surface for malicious actors. FS-ISAC's Chief Intelligence Officer and Managing Director, EMEA, Teresa Walsh, commented on the changing character of DDoS threats: "DDoS attacks are becoming increasingly sophisticated, evolving from simple network flooding to targeted, multi-dimensional assaults that exploit intricate vulnerabilities across the entire supply chain. As threat tactics continue to evolve — including those impacting APAC's increasingly digital financial systems — we must ensure our technical defenses evolve and our people, tools, and processes work seamlessly together. It is critical that we harden our infrastructure and foster a culture of continuous vigilance and collaboration to protect continuity and customer trust." Reuben Koh, Director of Security Technology & Strategy, APJ at Akamai, highlighted the changing nature of DDoS campaigns in the region: "DDoS attacks in APAC are no longer blunt-force attempts, but sophisticated multi-vector campaigns that exploit vulnerable systems and exposed APIs. As highly coveted target sectors like financial services, commerce, and manufacturing accelerate digital growth, these continuous attacks pose growing operational and reputational risks, and organizations must work with trusted cybersecurity partners who can provide the intelligence, scalability, and agility needed to defend themselves in today's threat landscape." The joint report also connects the increase in attacks to broader developments, including ongoing geopolitical tensions such as the Israel-Hamas and Russia-Ukraine conflicts. These events have led to a noted rise in ideologically driven hacktivism and blurred the lines between DDoS-for-Hire groups, hacktivists, and state-sponsored actors. The proliferation of DDoS-for-Hire platforms has made these attack tools accessible to a wider range of threat actors. Globally, the financial sector remained the most targeted industry segment for Layer 3 and 4 DDoS attacks, making up 37% of incidents. This marks the second consecutive year that financial services have led in reported attack numbers, followed by gaming at 20% and manufacturing at 17%. No other sector experienced a similar surge, according to the report's findings. The publication discusses strategies for improving defences through the FS-ISAC and Akamai-developed DDoS Maturity Model. This framework provides a benchmark for readiness and recommends targeted investment in defence strategies for organisations managing financial infrastructure and sensitive data. The DDoS Maturity Model highlights several key actions for financial institutions and related entities: Adopt real-time behavioural analytics and traffic baselining Implement threat intelligence-led automation for detection and mitigation Strengthen DNS and API security with continuous testing and hardening Use geo-IP filtering to reduce exposure from high-risk regions The report also contains regional data, profiles of hacktivist groups, and an overview of mitigation strategies and best cyber hygiene practices. It notes the importance of mapping organisational capabilities and practices against different stages of maturity in DDoS defence, offering a structured approach to managing a rising strategic threat. Akamai's collaboration with FS-ISAC on this research builds on the company's involvement in FS-ISAC's Critical Providers Program, which was launched to strengthen supply chain security within the financial sector.
