Indusface has unveiled its latest findings in the “State of Application Security Report” for Q3 2024. The report captures a critical shift in cybersecurity dynamics, with a marked increase in cyber threats, particularly those targeting APIs.
As digital operations pivot increasingly towards API integration, the report documents over 1.2 billion attacks including 271 million API attacks last quarter.
The study notes a remarkable 3000% increase in DDoS attacks on APIs compared to traditional web assets. API-focused attacks were also 85% more frequent than those on websites, revealing the heightened risk landscape for organisations relying heavily on API gateways, which are often underprepared for such sophisticated threats.
Throughout the digital ecosystem, DDoS and bot attacks have increased substantially, with Indusface’s AppTrana Web Application and API Protection (WAAP) platform intercepting more than 377 million DDoS incidents and 215 million bot attacks in Q3 alone. This significant activity marks a 145% year-over-year increase in bot activity, with DDoS attacks affecting 60% of websites and bot-driven threats impacting 90%. This widespread prevalence underscores the critical need for advanced security solutions that are effective against these extensive threats.
“Attackers have traditionally targeted industries using various methods like DDoS attacks and bots. However, we’re now witnessing an evolution in their tactics, with a focus on exploiting websites and APIs using diverse attack vectors. The rise of LLMs has significantly lowered the barrier to executing vulnerability attacks, as reflected in our data, which shows triple-digit growth in such incidents. Alarmingly, over 30% of critical and high-severity CVSS vulnerabilities remain unpatched even six months after discovery,” said Ashish Tandon, Founder and CEO, Indusface.
“Over 60% of sites with open vulnerabilities subscribed to AppTrana, faced an onslaught of over 5 million hacking attempts against these vulnerabilities. We were able to successfully mitigate these using our SwyftComply feature. In the absence of our solution, these attacks could have potentially led to losses in the billions of dollars for our customers”, added Ashish.
The report also details the disproportionate impact of cyber threats on Small and Medium-sized Businesses (SMBs). Due to budget constraints, SMBs suffer from a 175% higher rate of DDoS attacks per site than their larger counterparts. Over 354 million attacks targeted SMBs this quarter, underscoring the essential role of comprehensive, managed security solutions like AppTrana in protecting these businesses.
Sector-specific trends reveal:
- Banking, Financial Services, and Insurance (BFSI): Double the industry average in bot attacks, with financial data increasingly targeted for theft and fraud.
- Healthcare: Every healthcare site has experienced bot attacks, exposing significant risks of credential abuse and data theft.
- Retail & E-commerce: Bot-driven attacks led to a 50% higher vulnerability exploitation rate than DDoS attacks, indicating a broad spectrum of cyber threats.
- Power & Energy: The frequency of attacks quadrupled as attackers exploited lesser-regulated sectors for ransom-focused intrusions.
The increasing frequency and sophistication of cyber threats, particularly those targeting APIs, highlight the urgent need for advanced, managed security solutions. As these threats evolve, safeguarding digital assets across industries becomes paramount, underscoring the essential role of dynamic security strategies in the global cybersecurity ecosystem.
