Back to overview

APIs are a major target of cyber attacks

2. July 2024

APIs are driving digital transformation – and are also a favourite target for cyber criminals. New data shows: Every second attack today targets interfaces. It’s high time to put API security at the top of the agenda.

This year, Akamai is celebrating the tenth anniversary of the SOTI (State of the Internet) reports. The series provides expert insights into the cloud security and web performance landscape and is based on data from the Akamai Intelligent Edge Platform. The latest report “2024 State of the Internet Report on API Security: Shining a Light on API Threats” highlights the latest trends in API attacks and emphasises the need for transparency in the area of API security. (Read more: What are API attacks?)

The widespread use of Application Programming Interfaces (APIs) has led to innovation and efficiency gains in modern organisations. However, it is difficult for security teams to understand the scale and complexity of the risks posed by these APIs, especially as many organisations do not have a complete inventory of their APIs, making it difficult to see the full attack surface and thus creating vulnerabilities in their perimeter. According to Akamai, APIs are attacked using both traditional attack methods and API-specific techniques, which requires a combination of protective measures.

Key findings from the report:

Rising number of API attacks:

  • APIs are increasingly being targeted by attackers as they are a critical component of modern web applications and often provide access to sensitive data and services.
  • Almost 30% of all web attacks targeted APIs in 2023. At 47.5%, the EMEA region (Europe, Middle East and Africa) recorded the highest proportion of API attacks worldwide.
  • In the period between 2021 and 2023, the number of API attacks increased dramatically, with a doubling of attacks being observed in some areas.

Type of API attacks:

  • DDoS attacks (Distributed Denial of Service) on APIs are of particular note. These attacks aim to disrupt the availability of services by flooding API endpoints with an overwhelming number of requests.
  • Injection attacks (SQL injection, command injection) target vulnerabilities in API endpoints to gain unauthorised access to data or execute malicious commands.
  • Security vulnerabilities due to incorrect authentication are another focus. Vulnerabilities in authentication mechanisms of APIs allow attackers to gain unauthorised access.

Attackers’ strategies:

  • Attackers are using increasingly sophisticated techniques to exploit API vulnerabilities. These include the use of automation tools and scripts as well as techniques such as credential stuffing, where stolen credentials from previous data leaks are used to gain access to API services.
  • Man-in-the-middle attacks on unencrypted APIs, where attackers can intercept and manipulate traffic.

Industry-specific threats:

  • The financial, retail and healthcare sectors are particularly affected. APIs that manage financial transactions, customer data and health information are particularly attractive targets for cybercriminals.
  • These industries are experiencing a high number of attacks specifically aimed at causing financial damage or stealing valuable personal data.

Recommended countermeasures:

  • API protection measures such as web application firewalls (WAFs) specifically designed for APIs to block typical types of attacks such as injection attacks.
  • Strong authentication and authorisation mechanisms: The implementation of OAuth 2.0, token-based authentication and the use of multi-factor authentication (MFA) are essential.
  • Regular security checks and penetration tests to identify and eliminate vulnerabilities in APIs.
  • Improve the transparency of the API environment (inventory, risk audit, behaviour and anomaly detection).

Future prospects:

  • The report predicts that the threat landscape for APIs will continue to grow as organisations increasingly rely on APIs to integrate and extend their services.
  • The increasing reliance on APIs in digital transformation and the IoT is expected to lead to a further tightening of the security situation.

APIs in the security spotlight – act now

Akamai’s SOTI report highlights that APIs have become a prime target for cyberattacks. Organisations need to adapt their security strategies to effectively counter these growing threats. By implementing comprehensive security measures, APIs can be protected from attacks and their integrity ensured.

Link to the full report via: Hidden in the Shadows: Attack Trends Bring API Threats to Light (Akamai Blog)

Ready for the next step?
Let’s talk about your digital strategy.

For Europe’s digital future - with sovereign cloud solutions, end-to-end IT security, scalable digital solutions, and intelligent automation powered by AI. Let’s discuss how we can help your business become more resilient, secure, and future-proof.

Get in Touch

More articles from the category

M365 Security 2025: Transitioning to Phish-Resistant MFA and Stricter Policies
Security Services

M365 Security 2025: Transitioning to Phish-Resistant MFA and Stricter Policies

Read more
Implementing NIS2: Gap Analysis and Prioritized Actions Before Year-End
Security Services

Implementing NIS2: Gap Analysis and Prioritized Actions Before Year-End

Read more
Kubernetes Security: Best Practices for Protecting Container Environments
Security Services

Kubernetes Security: Best Practices for Protecting Container Environments

Read more
Insider Threats: The New Security Perimeter in the Cloud Workplace
Security Services

Insider Threats: The New Security Perimeter in the Cloud Workplace

Read more
Ransomware: Prevention Strategies and Incident Response
Security Services

Ransomware: Prevention Strategies and Incident Response

Read more
Vulnerability Management: Identification and Remediation of IT Vulnerabilities
Security Services

Vulnerability Management: Identification and Remediation of IT Vulnerabilities

Read more

Find your solution

To top