• About
  • Subscribe
  • Contact
Thursday, June 5, 2025
    Login
FutureCISO
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
No Result
View All Result
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
No Result
View All Result
FutureCISO
No Result
View All Result
Home Process Risk Management

Growth in API and apps is a new target for threat actors

FutureCISO Editors by FutureCISO Editors
August 8, 2024
Growth in API and apps is a new target for threat actors

Photo by Element5 Digital from Pexels: https://www.pexels.com/photo/person-dropping-paper-on-box-1550337/

Share on FacebookShare on Twitter

In the State of the Internet (SOTI) report, Digital Fortresses Under Siege: Threats to Modern Application Architectures, Akamai observed more than 26 billion web attacks globally against APIs and Apps in June 2024 alone, with attacks surging by 65% over the last year in the Asia-Pacific and Japan (APJ) region resulting in the vulnerability of organisations in particular financial services and commerce sectors.

The rapid deployment of applications by organisations has expanded the attack surface, exposing vulnerabilities like poor coding and design flaws in web apps. Additionally, the rapid API economy growth also gives cybercriminals more opportunities for exploiting vulnerabilities and abusing business logic.

APJ threats, regulations, and emerging trends

From Q1 2023 to Q1 2024, the APJ region experienced a surge in web attacks against APIs and applications, peaking at 4.8 billion attacks in June 2024. Across industries, the financial services and commerce sectors experienced the most web attacks in the region.

Source: SOTI v10, Issue 4, Akamai 2024

API abuse is a growing concern for businesses that increasingly rely on these gateways to provide access to their capabilities and services. The report notes that API attacks can occur in various forms, including data breaches, unauthorized access, and Distributed Denial-of-Service (DDoS) attacks.

Emerging threat: Layer 7 DDoS attacks

In the APJ region, Layer 7 DDoS attacks, which target the application layer of websites and online services, increased five-fold over the past year, totalling 5.1 trillion attacks during this period. These attacks overload websites and services by flooding them with requests, aiming to slow them down or render them inaccessible.

Hacktivists frequently employ this type of attack to disrupt significant political events, such as elections, and to manipulate voter sentiment via social media platforms. They typically flood key social media platforms with a massive volume of seemingly legitimate web requests which overload these servers, hindering access to candidate information, voter registration portals, and even election results updates. This has a direct influence on voter turnout or public perception of the electoral process.

Related:  ExecOpinion: The strategic value of cybersecurity

The APJ region is set to witness multiple elections this year, presenting a significant target for hacktivists who may employ this strategy to disrupt these crucial democratic processes through social media platforms and election-related websites. Governments and businesses need to enhance their cybersecurity measures to safeguard against such threats by taking proactive measures such as deploying robust DDoS mitigation technologies, ensuring redundancy in critical infrastructure, and educating the public about potential cyber threats

Other data points

Source: SOTI v10, Issue 4, Akamai 2024

Local File Inclusion (LFI), Cross-Site Scripting (XSS), SQL injection (SQLi), Command injection (CMDi), and Server-Side Request Forgery (SSRF) attacks remain prevalent vectors targeting business applications and APIs.

Ruben Koh

Reuben Koh, director of security technology & strategy, APJ, Akamai Technologies, says the APJ region frequently experiences web attacks targeting APIs and applications, a trend exacerbated by its rapidly digitizing economies.

He opines that as businesses move operations online more rapidly to meet time-to-market pressures, development and security resources are further strained, often resulting in overlooked security processes.

“It is therefore extremely important to establish a robust set of best practices to enhance security and resilience in this environment, especially given the high concentration of web attacks observed,” he concluded.

Tags: Akamai TechnologiesAPI securityDDoSweb applications
FutureCISO Editors

FutureCISO Editors

No Result
View All Result

Recent Posts

  • Platform to enhance software development security
  • Check Point launches enhanced branch office security gateways
  • BarracudaOne to offer a unified approach to cybersecurity
  • AI agents present new security challenges in Southeast Asia
  • Red Hat launches Enterprise Linux 10 for hybrid security

Categories

  • Blogs
  • Compliance and Governance
  • Culture and Behaviour
  • Cybersecurity careers
  • Data Protection
  • Endpoint Security
  • Incident Response
  • Network Security
  • People
  • Process
  • Resources
  • Risk Management
  • Technology
  • Training and awarenes
  • Videos
  • Webinars and PodChats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCISO serves the interests of the Chief Information Security Officer (CISO) and the information security profession. Its purpose is to provide relevant and timely industry insights around all things important to security professionals and organisations that recognize and value the importance of protecting the organisation’s data and its customers’ privacy.

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
Login

Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl