Oleksii - stock.adobe.com
API attacks surge by 65% in APAC, fuelled by rapid digitisation
Akamai's report reveals a significant rise in cyber attacks on web applications and APIs in the region over the past year, with financial and commerce sectors hardest hit
The number of cyber attacks against web applications and application programming interfaces (APIs) in the Asia-Pacific (APAC) region grew by 65% over the past year, with 4.8 billion attacks recorded in June 2024 alone, an Akamai study has found.
This surge is attributed to the rapid deployment of applications by organisations eager to enhance customer experience and drive business growth, which in turn expands their attack surface and exposes vulnerabilities such as poor coding and design flaws in web applications.
Australia, India and Singapore were found to be the top targets for API and web application attacks, followed by China, Japan, New Zealand, South Korea and Hong Kong. The financial services and commerce sectors emerged as the most targeted industries in the region.
API abuse is a particular concern, with businesses increasingly relying on API gateways to provide access to their capabilities and services. API attacks can manifest in various forms, including data breaches, unauthorised access and distributed denial-of-service (DDoS).
In the APAC region, Layer 7 DDoS attacks, which target the application layer of websites and online services, grew five-fold over the past year, totalling 5.1 trillion attacks. These attacks specifically target the application layer of websites and online services, flooding them with requests to degrade performance or cause complete outages.
Hacktivists frequently employ such attacks to disrupt significant political events, such as elections, and to manipulate voter sentiment via social media platforms. By overwhelming key social media platforms with seemingly legitimate web requests, they can hinder access to candidate information, voter registration portals, and even election result updates. This interference can directly impact voter turnout and public perception of the electoral process.
With multiple elections scheduled in APAC this year, Akamai warned that hacktivists may attempt to disrupt crucial democratic processes by targeting social media platforms and election-related websites.
Amid such potential threats, Akamai urged governments and businesses to enhance their cyber security measures. This includes deploying robust DDoS mitigation technologies, ensuring redundancy in critical infrastructure, and educating the public on potential cyber threats.
Reuben Koh, director of security technology and strategy for Asia-Pacific and Japan at Akamai, said the rapid digitisation of economies across APAC is exacerbating the trend of cyber attacks targeting APIs and applications.
“As businesses move operations online more rapidly to meet time-to-market pressures, development and security resources are further strained, often resulting in overlooked security processes. It is therefore extremely important to establish a robust set of best practices to enhance security and resilience in this environment, especially given the high concentration of web attacks observed,” he added.
Read more about cyber security in APAC
- Sophos found three distinct clusters of activity targeted at a high-level government organisation that appeared to be tied to Chinese interests in the South China Sea.
- Traffic from bad bots that perform malicious tasks accounted for 30.2% of Australia’s internet traffic in 2023.
- The National University of Singapore’s Safe initiative has strengthened the security of IT systems and end-user devices while prioritising user experience through passwordless access.
- Highly publicised cyber attacks and growing regulatory obligations are keeping security and risk top of mind for Australian organisations this year, says Gartner.
