EMEA hit hardest globally by API attacks

Web attacks are significantly more likely to target APIs in EMEA than in any other region, according to new API threat research led by Akamai.

  • 1 month ago Posted in

Akamai Technologies has released a new State of The Internet (SOTI) report titled ‘Lurking in the Shadows: Attack Trends Shine Light on API Threats’. The research highlights the array of attacks that are hitting APIs, including traditional web attacks, and the regions most at risk.

Akamai’s data, which tracks API attack traffic from January through December 2023, reveals that in 2023, the Europe, Middle East and Africa (EMEA) region experienced the highest percentage of API attacks on a global basis at 47.5% - by far exceeding the next closest region, North America at 27.1%. Within EMEA, the countries with the highest percentage of API attacks include Spain (94.8%), Portugal (84.5%), the Netherlands (71.9%), and Israel (67.1%).

Akamai researchers found that the commerce industry had the highest percentage of overall web attacks that impacted organizations at 74.6%, which is more than twice the percentage of the next closest vertical, the high-tech industry, at 35.5%. This is partially due to the complex nature of the commerce ecosystem, their high reliance on APIs, and the valuable data organizations in this sector possess.

Other key EMEA findings of the report include:

· Consistent with the global trend, HTTP Protocol and Structured Query Language Injection (SQLi) attacks have been the predominant attack vectors for APIs in EMEA during the last 12 months.

· During the same reporting period, 40% of the nearly four trillion suspicious bot requests were aimed at APIs.

· Cross-Site Scripting (XSS) remains a favoured technique for API attacks, and Command injection (CMDi) is also prevalent.

“Commerce organisations have a complex and dynamic attack surface, affecting both servers and clients. The sector's infrastructure is difficult to secure as it includes IoT devices that use web applications and APIs to drive online conversions and deliver the customer experience that modern consumers expect. As a result, the industry is an attractive target for cybercriminals, who are targeting vulnerabilities, design flaws and security gaps to abuse web-facing servers and applications,” said Richard Meeus, EMEA Director of Security Technology and Strategy at Akamai.

“Although commerce is not as heavily regulated as the financial services or healthcare industries, it still needs to focus on security, as attacks can be far more punishing to the bottom line." Commerce organisations need to ensure they have complete visibility into API activity, using behavioural analytics to detect complex threats and improve detections by analysing historical data.” 

New research from Digital Realty and Hewlett Packard Enterprise confirms a rise in the number of...
Cyber security, cloud and ESG remain priorities, interest in AI continues to rise.
85% of CFOs are expecting to take on a more significant role in shaping business strategy.
Qarbon Technologies has started an ongoing collaboration with Cambridge Management Consulting...
Emerging Tech Unpacked Report from Endava finds businesses are betting on generative AI, predictive...
New survey commissioned by Auxilion and HPE reveals that UK-based enterprises using green...
Consensus that social and environmental value ought to trump shareholder value.
This multi-year technology association will provide in-race insights, fan engagement, and...