According to the report, financial hubs, including Australia and Japan, stand out as the biggest targets of attacks
Bengaluru, NFAPost: Akamai Technologies, the cloud company that powers and protects life online, reveals that the financial services sector in Asia-Pacific and Japan (APJ) continues to be the most attacked industry in the region and has seen record growth in web application and API attacks, with a 248% increase in attacks from the previous year.
The company released a new State of the Internet report titled Slipping Through The Security Gaps: The Rise of Application and API Attacks Against Organizations.
The 248% growth in web application and API attacks against finance in APJ is significantly higher than the nearly 169% growth in attacks globally, revealing that financial services organizations in this region are actively targeted and at severe risk as threat actors increase the volume, frequency, and sophistication of their attacks.
Akamai Security Technology and Strategy Director (APJ) Reuben Koh said the nearly 250% surge in attacks correlates with the significant investment APJ financial services organizations are continuing to make in digital transformation and the expansion of customer-centric digital products and services.
“This is a critical concern for financial services organizations, as increasing digitalization will expand their overall attack surfaces, giving threat actors even more opportunities to launch cyber-attacks,” said Koh.
APJ experienced steady growth in overall web application and API attacks over the past 24 months, averaging around 10 million attacks per day. Akamai also observed days on which the attack count went above 60 million, which indicates that regional organizations continue to face the risk of high-intensity, targeted attacks.
Local File Inclusion (LFI) attacks were found to be the most common attack vector in APJ, growing around 154 percent year-over-year, surpassing XSS and SQLi attacks. LFI attacks exploit insecure coding practices or actual vulnerabilities on a web server to execute code remotely or gain access to sensitive information stored locally.
PHP-based web servers are particularly vulnerable to LFI because methods exist for bypassing PHP's input filters. A large majority of popular websites, including Facebook, WordPress, and Wikipedia, run PHP, which increases the likelihood of LFI being used. The growth of LFI attacks in APJ shows how threat actors are constantly evolving their techniques and shifting targets toward consumer behavior in order to get the most return on investment.
Akamai’s report states:
The top three industries in APJ facing the greatest number of web application and API attacks in 2022 were financial services (2 billion), commerce (980 million), and digital media (393 million).
Both Australia and Japan, recognized as notable financial hubs within APJ, saw the largest growth of web application and API attacks against their financial sectors, growing at 259 percent and 1,635 percent year-over-year.
However, Australia experienced patterns of persistent and consistently increasing web application and API attacks in 2022 with several big-bang attacks, while Japan saw mostly big-bang attack types. This indicates that specific verticals and organizations in these countries were being actively targeted.
Attacks against Japan’s high-tech sector also grew more than 116 percent year-over-year in 2022, most likely due to the country’s significant investment in R&D and advanced technologies.
India experienced more persistent and consistent attack campaigns focused on the retail and commerce sector, with web application and API attacks growing almost 90% year-over-year in 2022. The large presence of online retailers and growing e-commerce spend in India make this sector a lucrative target for cyber criminals. In financial services, India experienced a 56% increase in attacks year-over-year.
The top three industries in APJ facing the highest growth of attacks from 2021 to 2022 were financial services (248 percent), manufacturing (162%), and the public sector (139%).
Akamai Security Technology and Strategy Director (APJ) Reuben Koh said cyber criminals are constantly exploiting web applications and APIs and will continue to use new attack techniques to maximise their return on investment.
“The finance, manufacturing, and commerce sectors in APJ are hubs for digital innovation, and therefore, are very lucrative targets for attackers,” said Koh.
Koh said the threat landscape indicates a shift toward remote code execution, with emerging attack vectors, including Server-Side Request Forgery (SSRF), Server-Side Template Injections (SSTI), and Server-Side Code Injection.
“As organizations continue to face relentless attack attempts, they need to stay updated on the latest attack trends and best practices to adapt their mitigation strategies,” he concluded.