3000% Surge on API Attacks, Indusface’s Research on 1.26 Billion attacks in Q3, 2024 – CRN
Indusface, a globally trusted Application Security SaaS provider serving over 5,000 customers in 95 countries, has unveiled its latest findings in the “State of Application Security Report” for Q3 2024. The report captures a critical shift in cybersecurity dynamics, with a marked increase in cyber threats, particularly those targeting APIs.
As digital operations pivot increasingly towards API integration, the report documents over 1.2 billion attacks that include 271 million API attacks last quarter.
The study notes a remarkable 3000% increase in DDoS attacks on APIs compared to traditional web assets. API-focused attacks were also 85% more frequent than those on websites, revealing the heightened risk landscape for organisations relying heavily on API gateways, which are often underprepared for such sophisticated threats.
Throughout the digital ecosystem, DDoS and bot attacks have increased substantially, with Indusface’s AppTrana Web Application and API Protection (WAAP) platform intercepting more than 377 million DDoS incidents and 215 million bot attacks in Q3 alone. This significant activity marks a 145% year-over-year increase in bot activity, with DDoS attacks affecting 60% of websites and bot-driven threats impacting 90%. This widespread prevalence underscores the critical need for advanced security solutions that are effective against these extensive threats.
“Attackers have traditionally targeted industries using various methods like DDoS attacks and bots. However, we’re now witnessing an evolution in their tactics, with a focus on exploiting websites and APIs using diverse attack vectors. The rise of LLMs has significantly lowered the barrier for executing vulnerability attacks, as reflected in our data, which shows triple-digit growth in such incidents. Alarmingly, over 30% of critical and high-severity CVSS vulnerabilities remain unpatched even six months after discovery,” said Ashish Tandon, Founder and CEO of Indusface.
“Over 60% of sites with open vulnerabilities subscribed to AppTrana faced an onslaught of over 5 million hacking attempts against these vulnerabilities. We were able to successfully mitigate these using our SwyftComply feature. In the absence of our solution, these attacks could have potentially led to losses in the billions of dollars for our customers,” added Ashish.
The report also details the disproportionate impact of cyber threats on Small and Medium-sized Businesses (SMBs), which suffer from a 175% higher rate of DDoS attacks per site compared to their larger counterparts, due to budget constraints. Over 354 million attacks targeted SMBs this quarter, underscoring the essential role of comprehensive, managed security solutions like AppTrana in protecting these businesses.
Sector-specific trends reveal:
Banking, Financial Services, and Insurance (BFSI): Double the industry average in bot attacks, with financial data increasingly targeted for theft and fraud.
Healthcare: Every healthcare site experienced bot attacks, exposing significant risks of credential abuse and data theft.
Retail & E-commerce: Bot-driven attacks led to a 50% higher rate of vulnerability exploitation compared to DDoS attacks, indicating a broad spectrum of cyber threats.
Power & Energy: The frequency of attacks quadrupled as attackers exploit lesser-regulated sectors for ransom-focused intrusions.
The increasing frequency and sophistication of cyber threats, particularly those targeting APIs, highlight the urgent need for advanced, managed security solutions. As these threats evolve, safeguarding digital assets across industries becomes paramount, underscoring the essential role of dynamic security strategies in the global cybersecurity ecosystem.