EMEA hit hardest globally by API attacks

Web attacks are significantly more likely to target APIs in EMEA than in any other region, according to new API threat research led by Akamai.

  • 8 months ago Posted in

Akamai Technologies has released a new State of The Internet (SOTI) report titled ‘Lurking in the Shadows: Attack Trends Shine Light on API Threats’. The research highlights the array of attacks that are hitting APIs, including traditional web attacks, and the regions most at risk.

Akamai’s data, which tracks API attack traffic from January through December 2023, reveals that in 2023, the Europe, Middle East and Africa (EMEA) region experienced the highest percentage of API attacks on a global basis at 47.5% - by far exceeding the next closest region, North America at 27.1%. Within EMEA, the countries with the highest percentage of API attacks include Spain (94.8%), Portugal (84.5%), the Netherlands (71.9%), and Israel (67.1%).

Akamai researchers found that the commerce industry had the highest percentage of overall web attacks that impacted organizations at 74.6%, which is more than twice the percentage of the next closest vertical, the high-tech industry, at 35.5%. This is partially due to the complex nature of the commerce ecosystem, their high reliance on APIs, and the valuable data organizations in this sector possess.

Other key EMEA findings of the report include:

· Consistent with the global trend, HTTP Protocol and Structured Query Language Injection (SQLi) attacks have been the predominant attack vectors for APIs in EMEA during the last 12 months.

· During the same reporting period, 40% of the nearly four trillion suspicious bot requests were aimed at APIs.

· Cross-Site Scripting (XSS) remains a favoured technique for API attacks, and Command injection (CMDi) is also prevalent.

“Commerce organisations have a complex and dynamic attack surface, affecting both servers and clients. The sector's infrastructure is difficult to secure as it includes IoT devices that use web applications and APIs to drive online conversions and deliver the customer experience that modern consumers expect. As a result, the industry is an attractive target for cybercriminals, who are targeting vulnerabilities, design flaws and security gaps to abuse web-facing servers and applications,” said Richard Meeus, EMEA Director of Security Technology and Strategy at Akamai.

“Although commerce is not as heavily regulated as the financial services or healthcare industries, it still needs to focus on security, as attacks can be far more punishing to the bottom line." Commerce organisations need to ensure they have complete visibility into API activity, using behavioural analytics to detect complex threats and improve detections by analysing historical data.” 

IT teams urged to resolve ‘data delays’ as UK executives struggle to access and use relevant...
Architectural challenges are holding UK organisations back - with just 24% citing having sufficient...
Skillsoft has released its 2024 IT Skills and Salary Report. Based on insights from more than 5,100...
Talent and training partner, mthree, which supports major global tech, banking, and business...
Now Platform unites ASDA’s operations across Technology, Customer, Finance, and Employee...
The 2024 State of Data Intelligence Report finds companies struggling with AI governance more than...
Over a quarter (26%) have already turned to outsourcing as a solution.
On average, only 48% of digital initiatives meet or exceed business outcome targets, according to...