SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
DDoS
#
Data Protection
#
AI Security

APJ region sees 73% surge in web & API attacks in 2024

Today
Author image
By Melania Watson, Interview Editor

Akamai Technologies has published its latest State of the Internet report, revealing a significant surge in web application and API attacks across the Asia Pacific and Japan (APJ) region in 2024.

The report, titled 'State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain', identified a 73% year-over-year increase in web application attacks in APJ, representing the highest percentage increase globally.

According to Akamai, the APJ region experienced 51 billion web application attacks in 2024, up from 29 billion in 2023. The report attributed this sharp rise to the widespread adoption of artificial intelligence (AI), which, while enhancing threat detection, has also introduced new challenges through expanding attack surfaces and increasing attack complexity.

Australia was the most targeted country in APJ, facing 20.3 billion web and API attacks, followed by India with 17.3 billion and Singapore with 15.9 billion. Japan, China, South Korea, New Zealand, and Hong Kong SAR also experienced substantial attack volumes, ranging from 6.3 billion to 2.2 billion incidents.

Across APJ, financial services bore the brunt of the attacks, with over 27 billion web attacks, correlating with the sector's rapid integration of emerging technologies such as AI. Commerce was the second most targeted industry, accounting for more than 18 billion attacks.

Globally, the number of web and API attacks reached 311 billion in 2024, marking a 33% increase compared to the previous year. The report highlighted the growing threat to APIs as cyber attackers exploit authentication gaps and automate their attacks. Akamai identified 150 billion API attacks globally from January 2023 through December 2024, with AI-powered APIs noted as particularly vulnerable due to their accessibility and common lack of adequate authentication.

The study also documented a substantial rise in distributed denial of service (DDoS) attacks at the application layer (Layer 7).

Globally, Layer 7 DDoS attacks increased by 94%, reaching 7 trillion attacks, with the high-technology sector being most affected. The monthly volume of these attacks doubled from just over 500 billion in early 2023 to over 1.1 trillion by the end of 2024. HTTP flood attacks remained the predominant threat in this category.

Within APJ, Layer 7 DDoS attacks grew by 66% year-over-year, making it the second most targeted region worldwide. The region saw a total of 7.4 trillion attacks in this category over the two years, peaking at 504 billion in December 2024. Singapore recorded the highest number within APJ at 4.7 trillion attacks, with India and South Korea following at 1.1 trillion and 607 billion, respectively. Digital media platforms and commerce were the sectors most impacted in the region.

On a broader scale, the report identified over 230 billion web attacks globally targeting commerce organisations—almost three times the impact experienced by the high technology sector, the second most targeted industry. Security incidents related to the OWASP API Top 10 increased by 32%, revealing persistent issues with authentication and authorisation flaws. Additionally, security alerts referencing the MITRE framework rose by 30% as attackers adopted more advanced, automated, and AI-driven strategies.

Shadow and zombie APIs were identified as notable risk factors due to their prevalence in complex API ecosystems.

Reuben Koh, Director of Security Technology and Strategy at Akamai Technologies APJ, commented on the implications of the findings. "The surge in web and API attacks across APJ reflects more than just the region's rapid digital adoption, it also underscores the urgent need for cybersecurity to evolve rapidly with the growing integration of AI into enterprise ecosystems. As threat actors escalate their attacks in both scale and sophistication, security strategies must thus adapt accordingly," he said. "This SOTI report will also dive into practical mitigation strategies on how organisations can better protect themselves against evolving threats."

The report also addressed the regulatory response to surging web and API attacks, noting stricter compliance requirements across the region.

Countries such as Singapore, Japan, India, and Australia have enacted or expanded legislation to increase cybersecurity oversight, including the introduction of the Cybersecurity Act 2024 in Australia and revisions to existing frameworks in other markets.

As regulatory enforcement intensifies and compliance deadlines approach, Akamai advised organisations to adopt a shift-left security approach, enhance API governance, and deploy AI-powered defences to safeguard against evolving threats.

Akamai's State of the Internet report series is now in its eleventh year, delivering insights into cybersecurity trends and web performance based on data from infrastructure responsible for processing a substantial proportion of global web traffic.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Proofpoint unveils unified platforms to combat data & cyber risks
CrowdStrike launches Falcon Privileged Access to block threats
Most firms overestimate data resilience, risking USD $400 billion
CrowdStrike named leader in GigaOm XDR report for 2025
Nine in ten IT leaders faced cyberattacks as threats intensify
Top stories
Preparing your data centre for AI
OPSWAT partners with Sektor Cyber to boost ANZ presence
Proofpoint launches unified cybersecurity solution to cut costs
Proofpoint unveils unified AI data security platform for enterprises
Lineaje launches AI-powered self-healing for software security