The Asia Pacific and Japan (APJ) region witnessed a staggering 73% year-on-year increase in web application attacks in 2024, according to Akamai Technologies’ latest State of the Internet (SOTI) report, titled “State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain.” The surge—amounting to 51 billion attacks, up from 29 billion in 2023—is attributed to the rapid proliferation of artificial intelligence (AI) technologies, which are expanding digital attack surfaces and enabling more sophisticated cyber threats.
Regional and Sectoral Impact
Australia, India, and Singapore emerged as the most targeted countries within APJ, recording 20.3 billion, 17.3 billion, and 15.9 billion attacks, respectively. The financial services and commerce sectors bore the brunt of the attacks, registering over 27 billion and 18 billion incidents, underscoring their vulnerability amid ongoing digital transformation.
Global Trends and API Vulnerabilities
Globally, web application attacks surged by 33% year-over-year, totaling 311 billion in 2024. A major focus of the report is the increasing exploitation of application programming interfaces (APIs), particularly those integrated with AI tools. Between January 2023 and December 2024, Akamai observed 150 billion API attacks worldwide. These often targeted weak authentication mechanisms and automation-friendly endpoints, making AI-powered APIs especially susceptible due to their broad exposure and inadequate security measures.
Layer 7 DDoS Attacks on the Rise
The APJ region also experienced a dramatic 66% increase in Layer 7 distributed denial-of-service (DDoS) attacks. In December 2024 alone, attack volumes peaked at 504 billion. Singapore faced the highest number of these attacks over two years (4.7 trillion), followed by India (1.1 trillion) and South Korea (607 billion). Globally, Layer 7 DDoS attacks rose 94%, totaling 7 trillion incidents, with HTTP floods remaining the dominant vector—primarily affecting high-tech and digital media sectors.
Emerging Threats and Security Gaps
Additional findings include:
Over 230 billion web attacks were directed at global commerce organizations.
Incidents related to the OWASP API Top 10 grew by 32%, reflecting persistent issues with authentication and authorization.
Security alerts referencing the MITRE ATT&CK framework rose by 30%, driven by increased automation and AI in malicious activity.
Shadow and zombie APIs were flagged as especially vulnerable in today’s complex digital ecosystems.
Call for Proactive Security Strategies
Reuben Koh, Director of Security Technology and Strategy at Akamai Technologies APJ, emphasized the need for adaptable security strategies in the face of escalating threats. “As threat actors escalate their attacks in both scale and sophistication, security strategies must thus adapt accordingly,” he noted.
Governments across the APJ region are responding with strengthened regulatory frameworks:
Singapore expanded its cybersecurity legislation.
Japan updated its national cybersecurity strategy.
Australia enacted the Cybersecurity Act 2024.
India implemented the Digital Personal Data Protection Bill, marking a broader move towards robust data governance and compliance.
Akamai recommends that organizations prioritize proactive measures such as shift-left security practices, robust API governance, and AI-driven defense mechanisms to address the evolving threat landscape.
Now in its 11th year, the SOTI report series continues to provide vital insights into global cybersecurity trends, leveraging data from Akamai’s infrastructure, which handles over one-third of global web traffic.
Recent Random Post:
