Akamai Technologies, Inc. today released a new State of the Internet (SOTI) report that shows how growth in demand for applications and APIs has transformed them into lucrative targets for threat actors. In Digital Fortresses Under Siege: Threats to Modern Application Architectures, Akamai notes that it observed more than 26 billion web attacks against applications and APIs in June 2024 alone, and that these attacks surged by 49% over the last year.
API abuse in particular is a growing concern for businesses that increasingly rely on these gateways to provide access to their capabilities and services. The report notes that attacks against APIs can occur in various forms, including data breaches, abuse, and distributed denial-of-service (DDoS) attacks. In fact, Akamai recorded 108 billion API attacks from January 2023 through June 2024. These relentless assaults against APIs can lead to data theft, damages to brand reputation, regulatory fines, and significant financial losses.
Other key findings of the report include:
- High technology, commerce, and social media were the three industries most targeted by Layer 7 DDoS attacks, with more than 11 trillion attacks in just 18 months.
- DDoS attacks challenge traffic over all ports and protocols on Layers 3 and 4 and Layer 7. This includes the Domain Name System (DNS) protocol, which Akamai research observed to be a component in 60% of Layers 3 and 4 DDoS attack events in the past 18 months.
- The commerce industry has been victim to the most web application and API attacks, with more than double the number of attacks than any other sector (high technology was second).
- Local file inclusion (LFI), cross-site scripting (XSS), SQL injection (SQLi), command injection (CMDi), and server-side request forgery (SSRF) attacks remain prevalent vectors that target business applications and APIs.
"Successful attacks against applications and APIs are becoming more common and they can impact an organization's revenue and reputation," said Rupesh Chokshi, Senior Vice President and General Manager, Application Security, Akamai. "With Digital Fortresses Under Siege: Threats to Modern Application Architectures, we provide an in-depth look at how attackers target apps and APIs and share effective strategies to prevent these dangerous incursions, ensuring your organization remains resilient."
Digital Fortresses Under Siege: Threats to Modern Application Architectures includes a security spotlight that offers advice on mobile app user agreements. The report also features snapshots for the Europe, Middle East and Africa (EMEA) and Asian-Pacific and Japan (APJ) regions that provide data and case studies particular to those areas.
This year marks the 10th anniversary of Akamai's State of the Internet (SOTI) reports. The SOTI series provides expert insights on the cybersecurity and web performance landscapes, based on data gathered from Akamai Connected Cloud.
