EMEA hit hardest globally by API attacks

Web attacks are significantly more likely to target APIs in EMEA than in any other region, according to new API threat research led by Akamai.

  • Thursday, 21st March 2024 Posted 9 months ago in by Phil Alsop

Akamai Technologies has released a new State of The Internet (SOTI) report titled ‘Lurking in the Shadows: Attack Trends Shine Light on API Threats’. The research highlights the array of attacks that are hitting APIs, including traditional web attacks, and the regions most at risk.

Akamai’s data, which tracks API attack traffic from January through December 2023, reveals that in 2023, the Europe, Middle East and Africa (EMEA) region experienced the highest percentage of API attacks on a global basis at 47.5% - by far exceeding the next closest region, North America at 27.1%. Within EMEA, the countries with the highest percentage of API attacks include Spain (94.8%), Portugal (84.5%), the Netherlands (71.9%), and Israel (67.1%).

Akamai researchers found that the commerce industry had the highest percentage of overall web attacks that impacted organizations at 74.6%, which is more than twice the percentage of the next closest vertical, the high-tech industry, at 35.5%. This is partially due to the complex nature of the commerce ecosystem, their high reliance on APIs, and the valuable data organizations in this sector possess.

Other key EMEA findings of the report include:

· Consistent with the global trend, HTTP Protocol and Structured Query Language Injection (SQLi) attacks have been the predominant attack vectors for APIs in EMEA during the last 12 months.

· During the same reporting period, 40% of the nearly four trillion suspicious bot requests were aimed at APIs.

· Cross-Site Scripting (XSS) remains a favoured technique for API attacks, and Command injection (CMDi) is also prevalent.

“Commerce organisations have a complex and dynamic attack surface, affecting both servers and clients. The sector's infrastructure is difficult to secure as it includes IoT devices that use web applications and APIs to drive online conversions and deliver the customer experience that modern consumers expect. As a result, the industry is an attractive target for cybercriminals, who are targeting vulnerabilities, design flaws and security gaps to abuse web-facing servers and applications,” said Richard Meeus, EMEA Director of Security Technology and Strategy at Akamai.

“Although commerce is not as heavily regulated as the financial services or healthcare industries, it still needs to focus on security, as attacks can be far more punishing to the bottom line." Commerce organisations need to ensure they have complete visibility into API activity, using behavioural analytics to detect complex threats and improve detections by analysing historical data.” 

Beacon, NY, Dec 20, 2024– DocuWare unveils its AI-powered Intelligent Document Processing (DocuWare IDP), bringing about unprecedented improvements...
85% of IT decision makers surveyed reported progress in their companies’ 2024 AI strategy, with 47% saying they have already achieved positive ROI.

MSPs will invest in more AI security forecasting

Posted 1 week ago by Phil Alsop
Predictive maintenance and forecasting for security and failures will be a growing area for MSPs with an interest in security, says Nicole Reineke,...

Machine identities next big target for cyberattacks

Posted 1 week ago by Phil Alsop
Venafi has published the findings of its latest research report: The Impact of Machine Identities on the State of Cloud Native Security in 2024....
Nearly 50% of organisations have experienced a security breach in the last two years.

IT professionals recognise lack of gender diversity

Posted 1 week ago by Phil Alsop
The majority (87 percent) of IT professionals agree that there is a lack of gender diversity in the sector, yet less than half (41 percent) of...

A moving landscape for MSPs

Posted 1 week ago by Phil Alsop
2025 predictions from Ranjan Singh, chief product officer at Kaseya.

Data breach epidemic takes its toll

Posted 1 week ago by Phil Alsop
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t getting adequate time to relax.