Latest news with #StateofApps
Techday NZ
23-04-2025
- Business
- Techday NZ
APJ region sees 73% surge in web & API attacks in 2024
Akamai Technologies has published its latest State of the Internet report, revealing a significant surge in web application and API attacks across the Asia Pacific and Japan (APJ) region in 2024. The report, titled 'State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain', identified a 73% year-over-year increase in web application attacks in APJ, representing the highest percentage increase globally. According to Akamai, the APJ region experienced 51 billion web application attacks in 2024, up from 29 billion in 2023. The report attributed this sharp rise to the widespread adoption of artificial intelligence (AI), which, while enhancing threat detection, has also introduced new challenges through expanding attack surfaces and increasing attack complexity. Australia was the most targeted country in APJ, facing 20.3 billion web and API attacks, followed by India with 17.3 billion and Singapore with 15.9 billion. Japan, China, South Korea, New Zealand, and Hong Kong SAR also experienced substantial attack volumes, ranging from 6.3 billion to 2.2 billion incidents. Across APJ, financial services bore the brunt of the attacks, with over 27 billion web attacks, correlating with the sector's rapid integration of emerging technologies such as AI. Commerce was the second most targeted industry, accounting for more than 18 billion attacks. Globally, the number of web and API attacks reached 311 billion in 2024, marking a 33% increase compared to the previous year. The report highlighted the growing threat to APIs as cyber attackers exploit authentication gaps and automate their attacks. Akamai identified 150 billion API attacks globally from January 2023 through December 2024, with AI-powered APIs noted as particularly vulnerable due to their accessibility and common lack of adequate authentication. The study also documented a substantial rise in distributed denial of service (DDoS) attacks at the application layer (Layer 7). Globally, Layer 7 DDoS attacks increased by 94%, reaching 7 trillion attacks, with the high-technology sector being most affected. The monthly volume of these attacks doubled from just over 500 billion in early 2023 to over 1.1 trillion by the end of 2024. HTTP flood attacks remained the predominant threat in this category. Within APJ, Layer 7 DDoS attacks grew by 66% year-over-year, making it the second most targeted region worldwide. The region saw a total of 7.4 trillion attacks in this category over the two years, peaking at 504 billion in December 2024. Singapore recorded the highest number within APJ at 4.7 trillion attacks, with India and South Korea following at 1.1 trillion and 607 billion, respectively. Digital media platforms and commerce were the sectors most impacted in the region. On a broader scale, the report identified over 230 billion web attacks globally targeting commerce organisations—almost three times the impact experienced by the high technology sector, the second most targeted industry. Security incidents related to the OWASP API Top 10 increased by 32%, revealing persistent issues with authentication and authorisation flaws. Additionally, security alerts referencing the MITRE framework rose by 30% as attackers adopted more advanced, automated, and AI-driven strategies. Shadow and zombie APIs were identified as notable risk factors due to their prevalence in complex API ecosystems. Reuben Koh, Director of Security Technology and Strategy at Akamai Technologies APJ, commented on the implications of the findings. "The surge in web and API attacks across APJ reflects more than just the region's rapid digital adoption, it also underscores the urgent need for cybersecurity to evolve rapidly with the growing integration of AI into enterprise ecosystems. As threat actors escalate their attacks in both scale and sophistication, security strategies must thus adapt accordingly," he said. "This SOTI report will also dive into practical mitigation strategies on how organisations can better protect themselves against evolving threats." The report also addressed the regulatory response to surging web and API attacks, noting stricter compliance requirements across the region. Countries such as Singapore, Japan, India, and Australia have enacted or expanded legislation to increase cybersecurity oversight, including the introduction of the Cybersecurity Act 2024 in Australia and revisions to existing frameworks in other markets. As regulatory enforcement intensifies and compliance deadlines approach, Akamai advised organisations to adopt a shift-left security approach, enhance API governance, and deploy AI-powered defences to safeguard against evolving threats. Akamai's State of the Internet report series is now in its eleventh year, delivering insights into cybersecurity trends and web performance based on data from infrastructure responsible for processing a substantial proportion of global web traffic.
Yahoo
22-04-2025
- Business
- Yahoo
Akamai Research: Web Attacks Up 33%, APIs Emerge as Primary Targets
Surge correlates with accelerated adoption of AI-powered applications CAMBRIDGE, Mass., April 22, 2025 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the cybersecurity and cloud computing company that powers and protects business online, today released a new State of the Internet (SOTI) report that finds there were 311 billion web attacks in 2024, representing a 33% year-over-year increase. State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain notes the surge in these attacks correlates to the rapid adoption of artificial intelligence (AI) applications, which expand attack surfaces and introduce new security challenges. The report also finds that APIs have emerged as primary targets, with Akamai documenting 150 billion API attacks from January 2023 through December 2024. The AI API market is growing rapidly and the integration of AI-driven tools with core platforms via APIs has substantially expanded this attack surface. The majority of AI-powered APIs are externally accessible and many rely on inadequate authentication mechanisms, a vulnerability compounded by the growing array of AI-driven attacks targeting them. Akamai notes that AI-powered APIs are even more vulnerable than their counterparts as AI fuels technical advancements for threat actors. In addition, Akamai documents a dramatic rise in Layer 7 (application-layer) distributed denial-of-service (DDoS) attacks against web applications and APIs. Quarterly attack volumes increased 94% year-over-year between Q1 2023 and Q4 2024. In early 2023, Akamai observed monthly numbers of 500 billion, which rose to 1.1 trillion in one month by December 2024. This growth is due to the growing sophistication of bot-driven attacks, the persistence of HTTPS flooding as a primary attack vector, and the prevalence of Layer 7 DDoS attacks targeting the high technology industry. Other key findings of the report include: There were more than 230 billion web attacks targeting commerce organizations, making it the most impacted industry. This is nearly triple the number of attacks experienced by high technology (the second most attacked sector). There were 7 trillion Layer 7 DDoS attacks targeting the high technology sector from January 2023 through December 2024, making it the most affected industry. OWASP API Security Top 10–related incidents increased 32%, revealing authentication and authorization flaws that expose sensitive data and functionality. Growth in security alerts related to the MITRE security framework are up 30% as attackers are using advanced techniques such as automation and AI to exploit APIs. Shadow and zombie APIs present particularly vulnerable attack vectors within increasingly complex API ecosystems. State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain also contains a security spotlight on an API attack against an ecommerce company, an explanation of the differences between web and API attacks, regional and industry attack data, and recommended mitigation strategies. The report provides unique insights on risk scoring and technical methods that are designed to assist frontline defenders. "AI is transforming web and API security, enhancing threat detection but also creating new challenges," said Rupesh Chokshi, Senior Vice President and General Manager of Akamai's Application Security Portfolio. "This report is a must read to understand what's driving the shift and how defenders can stay ahead with the right mitigation strategies." This is the 11th year of Akamai's SOTI reports. The SOTI series provides expert insights on cybersecurity and web performance and is based on data gathered from our network infrastructure, which processes more than one-third of global web traffic. About Akamai Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai's full-stack cloud computing solutions deliver performance and affordability on the world's most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at and or follow Akamai Technologies on X and LinkedIn. Contact:Akamai PRakamaiPR@ View original content to download multimedia: SOURCE Akamai Technologies, Inc. Sign in to access your portfolio
