Akamai Research: Web Attacks Targeting Applications and APIs Up by 49% in the Last Year
Akamai Technologies (NASDAQ: AKAM) has released a new State of the Internet report highlighting the increasing threats to applications and APIs. Key findings include:
- 26 billion web attacks against applications and APIs observed in June 2024 alone
- 49% surge in these attacks over the last year
- 108 billion API attacks recorded from January 2023 through June 2024
- High technology, commerce, and social media were the most targeted industries by Layer 7 DDoS attacks
- DNS protocol was a component in 60% of Layers 3 and 4 DDoS attack events
The report emphasizes the growing concern of API abuse and its potential consequences, including data theft, brand reputation damage, regulatory fines, and financial losses.
Akamai Technologies (NASDAQ: AKAM) ha pubblicato un nuovo rapporto sullo Stato di Internet che mette in evidenza le crescenti minacce per le applicazioni e le API. I principali risultati includono:
- 26 miliardi di attacchi web contro applicazioni e API osservati solo nel mese di giugno 2024
- 49% di incremento di questi attacchi rispetto all'anno precedente
- 108 miliardi di attacchi API registrati da gennaio 2023 a giugno 2024
- Le tecnologie elevate, il commercio e i social media sono stati i settori più colpiti dagli attacchi DDoS Layer 7
- Il protocollo DNS è stato un componente in 60% degli eventi di attacco DDoS di Livelli 3 e 4
Il rapporto sottolinea la crescente preoccupazione per l'abuso delle API e le sue potenziali conseguenze, tra cui furto di dati, danni alla reputazione del marchio, sanzioni normative e perdite finanziarie.
Akamai Technologies (NASDAQ: AKAM) ha lanzado un nuevo informe sobre el Estado de Internet que resalta las crecientes amenazas a las aplicaciones y APIs. Los hallazgos clave incluyen:
- Se observaron 26 mil millones de ataques web contra aplicaciones y APIs solo en junio de 2024
- Un 49% de aumento en estos ataques en el último año
- Se registraron 108 mil millones de ataques a APIs desde enero de 2023 hasta junio de 2024
- Las industrias más atacadas por los ataques DDoS de Capa 7 fueron tecnología, comercio y redes sociales
- El protocolo DNS fue un componente en el 60% de los eventos de ataque DDoS de Capas 3 y 4
El informe enfatiza la creciente preocupación por el abuso de APIs y sus posibles consecuencias, incluidos el robo de datos, el daño a la reputación de la marca, multas regulatorias y pérdidas financieras.
Akamai Technologies (NASDAQ: AKAM)는 애플리케이션과 API에 대한 증가하는 위협을 강조하는 새로운 인터넷 상태 보고서를 발표했습니다. 주요 발견 사항은 다음과 같습니다:
- 2024년 6월 한 달 동안 애플리케이션과 API에 대해 260억 건의 웹 공격이 관찰됨
- 지난 1년간 이러한 공격이 49% 증가
- 2023년 1월부터 2024년 6월까지 1080억 건의 API 공격이 기록됨
- Layer 7 DDoS 공격의 가장 많은 타겟이 된 산업은 고급 기술, 상업 및 소셜 미디어
- DNS 프로토콜은 Layer 3 및 4 DDoS 공격 사건의 60%에서 구성 요소로 작용함
이 보고서는 API 남용에 대한 우려가 커지고 있으며, 데이터 도용, 브랜드 평판 손상, 규제 벌금 및 재정적 손실 등의 잠재적 결과를 강조합니다.
Akamai Technologies (NASDAQ: AKAM) a publié un nouveau rapport sur l'État d'Internet mettant en évidence les menaces croissantes pesant sur les applications et les API. Les résultats clés comprennent :
- 26 milliards d'attaques web contre des applications et des API observées rien que pour le mois de juin 2024
- Une augmentation de 49% de ces attaques par rapport à l'année dernière
- 108 milliards d'attaques API enregistrées de janvier 2023 à juin 2024
- Les technologies, le commerce et les réseaux sociaux étaient les secteurs les plus ciblés par les attaques DDoS de couche 7
- Le protocole DNS a été un élément dans 60% des événements d'attaque DDoS de couches 3 et 4
Le rapport souligne la préoccupation croissante concernant l'abus des API et ses conséquences potentielles, notamment le vol de données, les dommages à la réputation de la marque, les amendes réglementaires et les pertes financières.
Akamai Technologies (NASDAQ: AKAM) hat einen neuen Bericht über den Stand des Internets veröffentlicht, der die zunehmenden Bedrohungen für Anwendungen und APIs hervorhebt. Die wichtigsten Ergebnisse sind:
- Im Juni 2024 wurden alleine 26 Milliarden Webangriffe auf Anwendungen und APIs beobachtet
- Ein Anstieg von 49% dieser Angriffe im Vergleich zum Vorjahr
- Von Januar 2023 bis Juni 2024 wurden 108 Milliarden API-Angriffe registriert
- Die am stärksten betroffenen Branchen durch Layer 7 DDoS-Angriffe waren Technologie, Handel und soziale Medien
- Das DNS-Protokoll war in 60% der DDoS-Angriffereignisse der Schichten 3 und 4 anwesend
Der Bericht betont die wachsende Besorgnis über den Missbrauch von APIs und deren potenzielle Folgen, einschließlich Datendiebstahl, Schäden am Markenruf, behördliche Geldstrafen und finanzielle Verluste.
- Akamai's research provides valuable insights into cybersecurity trends
- The company's data collection capabilities demonstrate its strong market position in cloud security
- Increasing cyber threats may lead to higher security costs for Akamai's clients
- Rising attacks could potentially impact Akamai's ability to protect its customers effectively
Insights
The surge in web attacks targeting applications and APIs by
Key points to consider:
- The sheer volume of attacks - 26 billion in June 2024 alone - indicates a persistent and growing threat.
- API abuse is particularly worrisome, with 108 billion attacks recorded from January 2023 to June 2024. This highlights the critical need for API-specific security strategies.
- The commerce industry being the most targeted sector suggests that financial motivations are driving many of these attacks.
- The prevalence of traditional attack vectors like LFI, XSS and SQLi shows that basic security practices are still essential.
For investors, this trend could signal increased demand for cybersecurity solutions, particularly those focusing on application and API protection. Companies offering such services may see growth opportunities. However, it also poses risks for businesses that fail to adequately protect their digital assets, potentially leading to financial losses and reputational damage.
The report's findings have significant implications for the tech industry and related stocks. The high technology sector being among the top three industries targeted by Layer 7 DDoS attacks is particularly noteworthy.
Key considerations for investors:
- Cybersecurity companies specializing in application and API protection may see increased demand, potentially boosting their market value.
- Tech companies with robust security measures may gain a competitive advantage, while those with vulnerabilities could face increased risks.
- The rise in attacks could lead to higher cybersecurity spending across the tech sector, impacting profit margins but potentially creating opportunities for security vendors.
- The prevalence of DNS-based attacks (involved in
60% of Layer 3 and 4 DDoS events) suggests a need for specialized DNS security solutions.
Investors should closely monitor how tech companies are addressing these threats and consider the potential impact on their financial performance and risk profile. Companies that can demonstrate strong security postures may be better positioned in the market.
The escalating cyber threats outlined in Akamai's report present significant financial risks for businesses across various sectors, particularly in commerce, high technology and social media. Investors need to consider the potential financial implications of these security challenges.
Key financial risk factors:
- Data breaches resulting from successful attacks can lead to substantial regulatory fines, especially under stringent data protection laws like GDPR.
- The cost of implementing and maintaining robust cybersecurity measures may impact companies' operational expenses and profitability.
- Reputational damage from high-profile breaches can lead to loss of customer trust and potentially decreased revenue.
- Companies may face increased insurance premiums for cyber risk coverage.
From an investment perspective, it's important to assess a company's cybersecurity preparedness as part of the overall risk evaluation. Firms with strong security postures and proactive strategies may be better positioned to mitigate these financial risks. Conversely, those lagging in cybersecurity investments might face higher long-term costs and potential value erosion.
Akamai recorded more than 26 billion application and API attacks in June 2024
API abuse in particular is a growing concern for businesses that increasingly rely on these gateways to provide access to their capabilities and services. The report notes that attacks against APIs can occur in various forms, including data breaches, abuse, and distributed denial-of-service (DDoS) attacks. In fact, Akamai recorded 108 billion API attacks from January 2023 through June 2024. These relentless assaults against APIs can lead to data theft, damages to brand reputation, regulatory fines, and significant financial losses.
Other key findings of the report include:
- High technology, commerce, and social media were the three industries most targeted by Layer 7 DDoS attacks, with more than 11 trillion attacks in just 18 months.
- DDoS attacks challenge traffic over all ports and protocols on Layers 3 and 4 and Layer 7. This includes the Domain Name System (DNS) protocol, which Akamai research observed to be a component in
60% of Layers 3 and 4 DDoS attack events in the past 18 months. - The commerce industry has been victim to the most web application and API attacks, with more than double the number of attacks than any other sector (high technology was second).
- Local file inclusion (LFI), cross-site scripting (XSS), SQL injection (SQLi), command injection (CMDi), and server-side request forgery (SSRF) attacks remain prevalent vectors that target business applications and APIs.
"Successful attacks against applications and APIs are becoming more common and they can impact an organization's revenue and reputation," said Rupesh Chokshi, Senior Vice President and General Manager, Application Security, Akamai. "With Digital Fortresses Under Siege: Threats to Modern Application Architectures, we provide an in-depth look at how attackers target apps and APIs and share effective strategies to prevent these dangerous incursions, ensuring your organization remains resilient."
Digital Fortresses Under Siege: Threats to Modern Application Architectures includes a security spotlight that offers advice on mobile app user agreements. The report also features snapshots for the
This year marks the 10th anniversary of Akamai's State of the Internet (SOTI) reports. The SOTI series provides expert insights on the cybersecurity and web performance landscapes, based on data gathered from Akamai Connected Cloud.
About Akamai
Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. Akamai Connected Cloud, a massively distributed edge and cloud platform, puts apps and experiences closer to users and keeps threats farther away. Learn more about Akamai's cloud computing, security, and content delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on X, formerly known as Twitter, and LinkedIn.
Contact
Jim Lubinskas
Akamai Media Relations
703.907.9103
jlubinsk@akamai.com
View original content to download multimedia:https://www.prnewswire.com/news-releases/akamai-research-web-attacks-targeting-applications-and-apis-up-by-49-in-the-last-year-302209385.html
SOURCE Akamai Technologies, Inc.
FAQ
What was the increase in web attacks targeting applications and APIs according to Akamai's report?
How many API attacks did Akamai record from January 2023 through June 2024?
Which industries were most targeted by Layer 7 DDoS attacks according to Akamai's research?