Manufacturers In Asia-Pacific, Japan See Highest Web Attacks On APIs: Akamai Report

Manufacturers in Asia-Pacific and Japan are at great risk of cyberattacks, as cybercriminals continue to exploit application programming interfaces to conduct attacks, the 'State of the Internet' report by cloud company Akamai Technologies showed.

According to the report, which focused on the variety of attacks that target APIs, 15% of all web attacks in the APJ region were directed towards APIs from January through December 2023. With the highest number of API-targeted attacks across industries—nearly one out of three (31.2%) web attacks—the manufacturing sector in APJ is the most vulnerable.

APIs allow software, devices and systems to communicate with one another and are important to organisations because they improve both employee and customer experiences. APIs are important to manufacturers because they make it possible to use internet of things devices to improve productivity, streamline production and allow real-time supervision of factories and inventory.

However, cybercriminals have leveraged this digital innovation and the rapid expansion of the API economy to create new opportunities for exploitation. Given APJ’s role in global manufacturing, cyberattacks against APJ manufacturers could have global ramifications.

As the demand for using APIs rises, Akamai anticipates an increase in attacks and advises organisations to give priority to proper accounting and security of their APIs, else they run the risk of experiencing breaches.

Other Key Insights:

• After manufacturing, the industries most affected by web attacks that targeted APIs were gaming (25.2%), high tech (24.4%), video media (24%) and commerce (22.3%).

• India faced 19% of web attacks targeting APIs. With 47.9% of web attacks aimed at APIs, South Korea topped the list, followed by Indonesia (39.6%), Hong Kong (38.7%), Malaysia (26.4%) and Japan (23.4%).

• The main attack techniques in APJ were local file inclusion (16.8%), server-side request forgery (11.8%) and web attack tool (10.4%). Additionally, attackers are using recently surfaced vectors, such as CMDi at 9.1%, highlighting that adversaries are discovering new ways to exploit targets.

• Business logic abuse is a serious concern since it can be difficult to identify unusual API activity without first creating a baseline for API behaviour. APJ organisations that do not have tools to monitor irregularities in their API usage are vulnerable to runtime assaults such as data scraping.

• Another worrying trend in APJ is bot requests; of the over two trillion suspicious bot requests, nearly half were directed towards APIs.

“APIs are increasingly critical to organisations, but they are also challenged with protecting APIs effectively, as security is often not properly baked into the rapid development and deployment processes of newer technologies like APIs,” said Reuben Koh, security technology and strategy director (APJ), Akamai.

“As manufacturers use more APIs to enable real-time production monitoring, predictive maintenance and cost optimisation, they need to be more aware of the risks they are exposed to,” Koh said.