Akamai Technologies has launched its latest 'State of the Internet' (SOTI) report, highlighting a significant increase in web attacks against APIs and applications.

The report reveals that there were over 26 billion web attacks globally against APIs and Apps in June 2024 alone. The Asia-Pacific and Japan (APJ) region, in particular, has seen a surge in web attacks, with a 65% increase over the last year, significantly impacting organisations in the financial services and commerce sectors.

The report attributes the increase in attacks to the rapid deployment of apps by organisations, which expands the attack surface and exposes vulnerabilities. From Q1 2023 to Q1 2024, the APJ region experienced a surge in web attacks against APIs and applications, peaking at 4.8 billion attacks in June 2024. Layer 7 DDoS attacks, which target the application layer of websites and online services, increased five-fold over the past year in the APJ region, totalling 5.1 trillion attacks.

These attacks are often used to disrupt significant political events, such as elections, and to manipulate voter sentiment via social media platforms. From Q1 2023 through Q1 2024, there was a recorded 65% growth in web attacks in the APJ region, with Australia, India, and Singapore experiencing the most attacks. The social media industry experienced a consistent increase in Layer 7 DDoS attacks from April 2023 to February 2024.

High technology, commerce, and social media were the top three targeted industries in Layer 7 DDoS attacks, with more than 11 trillion attacks globally in just 18 months. The commerce industry has been the most targeted by API and web application attacks, with more than double the amount of attacks than any other sector. Local File Inclusion (LFI), Cross-Site Scripting (XSS), SQL injection (SQLi), Command injection (CMDi), and Server-Side Request Forgery (SSRF) attacks remain prevalent vectors targeting business applications and APIs.

"The APJ region frequently experiences web attacks targeting APIs and applications, a trend exacerbated by its rapidly digitising economies. As businesses move operations online more rapidly to meet time-to-market pressures, development and security resources are further strained, often resulting in overlooked security processes. It is therefore extremely important to establish a robust set of best practices to enhance security and resilience in this environment, especially given the high concentration of web attacks observed," said Director of Security Technology & Strategy, APJ, Akamai Technologies, Reuben Koh.

"Successful attacks against applications and APIs are becoming more common and they can impact an organisation's revenue and reputation," said Senior Vice President and General Manager, Application Security at Akamai, Rupesh Chokshi.