API and App Attacks Surge: Cybercriminals Target Digital Gateways

Cambridge, UK, 30 July 2024 – Akamai Technologies, a leading cloud computing company, has revealed a stark increase in web attacks targeting applications and APIs. According to the latest State of the Internet (SOTI) report, June 2024 alone saw over 26 billion attacks of this nature, marking a 49% rise over the past year.

This surge in attacks is largely attributed to the growing reliance on applications and APIs by businesses. These digital gateways have become attractive targets for cybercriminals due to their role in providing access to vital services and capabilities.

The SOTI report highlights the concerning trend of API abuse, which can manifest in various forms, including data breaches, unauthorised access, and Distributed Denial-of-Service (DDoS) attacks. Between January 2023 and June 2024, Akamai recorded a staggering 108 billion API attacks. Such malicious activities can result in severe consequences, including data theft, reputational damage, regulatory penalties, and substantial financial losses.

The report also outlines other key findings:

Industries Under Siege: High technology, commerce, and social media sectors were the most frequent targets of Layer 7 DDoS attacks, enduring over 11 trillion attacks in the past 18 months.

Multi-Layered Attacks: DDoS attacks increasingly target all ports and protocols across Layers 3, 4, and 7. The Domain Name System (DNS) protocol, a vital component of internet infrastructure, was exploited in 60% of Layers 3 and 4 DDoS attacks over the last 18 months.

Commerce in the Crosshairs: The commerce industry emerged as the most targeted sector for web application and API attacks, suffering more than double the number of attacks of any other industry, with high technology following closely behind.

Persistent Threat Vectors: Traditional attack methods such as Local File Inclusion (LFI), Cross-Site Scripting (XSS), SQL Injection (SQLi), Command Injection (CMDi), and Server-Side Request Forgery (SSRF) remain prevalent threats against business applications and APIs.

"Successful attacks against applications and APIs are becoming more common, and they can have a significant impact on an organisation's revenue and reputation," stated Rupesh Chokshi, Senior Vice President and General Manager of Application Security at Akamai. "Our report provides a detailed analysis of how attackers target apps and APIs and offers practical strategies to prevent these dangerous incursions, ensuring your organisation remains resilient."

Beyond the core findings, "Digital Fortresses Under Siege: Threats to Modern Application Architectures" includes a security spotlight dedicated to mobile app user agreements, offering valuable advice for developers and users alike. The report further provides region-specific snapshots for Europe, the Middle East, and Africa (EMEA) as well as the Asia-Pacific and Japan (APJ) regions, offering valuable insights and case studies relevant to those specific areas.

This year marks the 10th anniversary of Akamai's State of the Internet (SOTI) reports. The SOTI series leverages data collected from the Akamai Connected Cloud, providing expert analysis and insights into the evolving landscape of cybersecurity and web performance.

About Akamai

Akamai empowers and safeguards life online. Leading organisations worldwide rely on Akamai to build, deliver, and secure their digital experiences – enabling billions of people to work, live, and play online every day. Akamai Connected Cloud, a vast distributed edge and cloud platform, brings applications and experiences closer to users and keeps threats farther away. To learn more about Akamai's cloud computing, security, and content delivery solutions, visit akamai.com and akamai.com/blog, or follow Akamai Technologies on X (formerly Twitter) and LinkedIn.