SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
APJ manufacturers face mounting API cyber threat, says Akamai
Tue, 26th Mar 2024

Akamai Technologies has, shed light on cyber threats facing businesses, particularly manufacturers, in the Asia-Pacific and Japan (APJ) region. In its recent State of The Internet (SOTI) report, 'Lurking in the Shadows: Attack Trends Shine Light on API Threats,' the company warns of the escalating danger posed by cybercriminals targeting Application Programming Interfaces (APIs).

The findings reveal that from January to December 2023, almost 15% of all web attacks in the APJ region were aimed at APIs. The manufacturing sector was the most targeted, accounting for nearly a third (31.2%) of all such attacks. This was followed by gaming, with 25.2% of attacks, then high-tech (24.4%), video media (24.0%), and commerce (22.3%).

Among APJ countries, South Korea saw the highest percentage of web attacks targeting APIs (47.9%), followed by Indonesia (39.6%), Hong Kong SAR (38.7%), Malaysia (26.4%), and Japan (23.4%). India (19.0%), Australia (15.6%), Singapore (5.8%), the Philippines (5.5%) and New Zealand (4.8%) also featured in the top ten countries most vulnerable to such attacks.

APIs are essential tools in our increasingly digitised world, enhancing customer and employee experiences. They are particularly valuable to the manufacturing industry, accelerating efficiency and production and facilitating real-time management of factories and inventories through the use of Industrial Internet of Things devices.

However, the rapid expansion of the API economy and the resulting surge in API usage have inadvertently created new opportunities for cybercriminals. "APIs are increasingly critical to organisations, but they are also challenged with protecting APIs effectively, as security is often not properly baked into the rapid development and deployment processes of newer technologies like APIs," says Reuben Koh, Security Technology and Strategy Director (APJ), Akamai.

Notably, the implications of successful cyber attacks on APJ manufacturers could have considerable global repercussions, given Asia's central role as a hub of global manufacturing.

With the escalating threat landscape, Akamai has identified an urgent need for businesses to step up their API protection measures. The report also highlights previously unidentified areas of concern. The top attack methods include Local File Inclusion (LFI), accounting for 16.8%, Server-Side Request Forgery (SSRF) at 11.8%, and Web Attack Tool (WAT) at 10.4%. Moreover, nearly half of the more than two trillion suspicious bot requests were directed towards APIs.

“Companies in APJ must ensure that the APIs they use are properly discovered and documented - and have complete visibility into their purpose and the risks they bring,” states Koh. He further emphasised that businesses should stay updated on API threats and adhere to industry guidelines to safeguard against misconfiguration and vulnerabilities.