Akamai Technologies reveals latest trends in API attacks
James Thorpe
Share this content
Akamai Technologies has unveiled its latest State of The Internet (SOTI) report titled ‘Lurking in the Shadows: Attack Trends Shine Light on API Threats’.
The research sheds light on the rising number of attacks targeting APIs, including traditional web attacks and identifies the regions most vulnerable to such threats.
Akamai’s research
According to Akamai’s data tracking API attack traffic from January to December 2023, the EMEA region witnessed the highest percentage of API attacks globally, accounting for 47.5%.
This figure significantly surpasses North America, which recorded 27.1% of API attacks.
Spain, Portugal, the Netherlands and Israel are among the EMEA countries with the highest percentage of API attacks.
The commerce industry emerges as the hardest hit by web attacks, with a staggering 74.6% of organisations affected, doubling the percentage seen in the high tech sector (35.5%).
According to the report, this trend is attributed to the complexity of the commerce ecosystem, its heavy reliance on APIs and the valuable data it holds.
Key findings
- HTTP Protocol and Structured Query Language Injection (SQLi) attacks persist as primary attack vectors for APIs in EMEA
- 40% of nearly four trillion suspicious bot requests during the reporting period were directed at APIs
- Cross-Site Scripting (XSS) and Command Injection (CMDi) techniques remain prevalent in API attacks
Richard Meeus, EMEA Director of Security Technology and Strategy, Akamai commented: “Commerce organisations have a complex and dynamic attack surface, affecting both servers and clients.
“The sector’s infrastructure is difficult to secure as it includes IoT devices that use web applications and APIs to drive online conversions and deliver the customer experience that modern consumers expect.”
“Detect complex threats and improve detections”
Meeus added: “As a result, the industry is an attractive target for cyber-criminals, who are targeting vulnerabilities, design flaws and security gaps to abuse web facing servers and applications.
“Although commerce is not as heavily regulated as the financial services or healthcare industries, it still needs to focus on security, as attacks can be far more punishing to the bottom line.
“Commerce organisations need to ensure they have complete visibility into API activity, using behavioural analytics to detect complex threats and improve detections by analysing historical data.”
Read the full report here.