Why (and How) APIs and Web Applications Are Under Siege
Defend your digital fortress
Web applications, and the APIs that enable them, are redefining customer experiences, streamlining business operations, and fueling economic growth. At the same time, they are creating new avenues of potential entry into your digital fortress.
As applications become even more woven into every aspect of business, the complex web of connections that make them work is constantly probed by malware, bots, and other threat actors who are looking for security weaknesses to exploit.
We explore this trend — and what businesses can do to protect their web applications and API infrastructures — in our new State of the Internet (SOTI) report, Digital Fortresses Under Siege: Threats to Modern Application Architectures. The report provides a deep dive into the insights revealed by Akamai’s analysis of attack trends.
Key findings of the SOTI report
Application and API attacks surged by 49% from Q1 2023 to Q1 2024. This surge was driven by the increased adoption of applications and APIs, which significantly expanded organizations’ attack surfaces.
108 billion API attacks were observed during the reporting period. These attacks can potentially lead to fraud and abuse, significant financial losses, and regulatory sanctions.
DDoS attacks target critical Layers 3, 4, and 7 by flooding systems with massive amounts of traffic. These relentless assaults can result in downtime and business disruption.
API attacks on the rise
The number of attacks on web applications and APIs is on the rise, increasing by 49% between Q1 2023 and Q1 2024 (Figure). A total of 108 billion API attacks were recorded from January 2023 through June 2024. This relentless assault reflects a dramatic increase in attempts by threat actors to gain access to valuable data. Indeed, several high-profile data breaches in recent months have been linked to API abuse or exploitation of API vulnerabilities.
Attackers are increasingly targeting web applications and APIs as exemplified by the 49% year-over-year growth of web attacks
API abuse in particular is a growing concern for businesses that rely on these application interfaces to provide access to their data and services. Abuse can take different forms, from unauthorized access by insiders to data breaches and distributed denial-of-service (DDoS) attacks.
The SOTI report details some of the attackers’ favored tactics, including local file inclusion (LFI), cross-site scripting (XSS), SQL injection (SQLi), command injection (CMDi), and server-side request forgery (SSRF) attacks. All these tactics saw significant upticks from Q1 2023 to Q1 2024.
Industries at higher risk
Our research indicates that commerce, high technology, and social media are the three verticals experiencing the most application layer DDoS attacks, with more than 11 trillion attacks in just 18 months. We observed a sharp increase in Layer 7 DDoS attacks in June of 2023, possibly related to geopolitical events at that time.
Commerce organizations have experienced the highest volume of web attacks among all industries in the report. From January 2023 through June 2024, commerce assets were hit with more than double the number of attacks than hit the technology sector, which came in second. This reflects the commerce industry’s heavy reliance on web applications and APIs, along with the speed-to-market pressures that may lead to inadequate security measures.
Defending web applications and infrastructure
Given this growing threat, organizations need to fortify their efforts to defend web applications and the infrastructure that powers them. This starts with an understanding of how a major threat — DDoS attacks — targets applications, including Layers 3, 4, and 7.
Layer 3 and 4 attacks
Infrastructure DDoS attacks often focus on the networking (Layer 3) and transport (Layer 4) layers, often using a large volume to overwhelm the network. Moreover, the number of these Layer 3 and 4 attacks rises and falls throughout the year; they varied by more than 200 attack events per month over the 18 months we observed for this report.
Layer 7 attacks
Application-layer attacks, usually targeting Layer 7, are on the rise and may be preferred by attackers since they don’t require as many resources to conduct. They can also be harder to detect, giving attackers another potential advantage.
DNS attacks
Attacks on the Domain Name System (DNS) protocol are increasingly common. Akamai research found that DNS was a component in 60% of Layers 3 and 4 DDoS attacks in the past 18 months.
Protecting applications with Zero Trust
Web applications and APIs require the same robust security approach as any other critical data: Zero Trust. When web applications and APIs are overlooked, they can be exposed externally, as can the internal workloads between them.
There is a perception that the implementation of Zero Trust principles like microsegmentation is always a heavy lift, requiring an extensive “rip and replace” exercise. Modern approaches, however — such as software-based segmentation — make application security a much lighter lift, while providing better network visualization and granular governance controls.
Take steps to fight the cyberthreat siege
Web applications and APIs will continue to proliferate, fuel innovation, and deliver the experiences that define our modern world. Recognizing their potential vulnerabilities and taking steps to fortify your applications is the key to repelling the cyberthreat siege.
Learn how: Download the new State of the Internet (SOTI) report, Digital Fortresses Under Siege: Threats to Modern Application Architectures.
