Web Application Attacks Surge in Asia Pacific and Japan Region

The Asia Pacific and Japan (APJ) region has seen a substantial increase in web application attacks, with a staggering 73% growth year-on-year in 2024. This alarming trend has been detailed in Akamai Technologies’ recent report, emphasizing the impact of artificial intelligence (AI) technologies in broadening the attack surface and heightening the complexity of cyber threats.

Overview of Web Application Attacks

The report, aptly named “State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain”, indicates that the APJ region experienced a total of 51 billion web application attacks last year, a significant rise from 29 billion in 2023. Among the countries affected, Australia, India, and Singapore were notably the most targeted, recording 20.3 billion, 17.3 billion, and 15.9 billion attacks respectively.

Impact on Key Sectors

The sectors most impacted by these attacks were financial services and commerce, collectively accounting for over 27 billion and 18 billion attacks respectively. On a global scale, the figures are equally troubling, with 311 billion web application attacks reported worldwide in 2024, marking a 33% increase from the previous year.

Vulnerabilities in APIs

A significant aspect highlighted in the report is the susceptibility of application programming interfaces (APIs), which are increasingly adopted to connect AI solutions with business platforms. From January 2023 to December 2024, Akamai recorded 150 billion API attacks globally, many of which took advantage of weak authentication measures and automation-friendly entry points. The report underscores that AI-powered APIs are particularly vulnerable due to their exposure to the internet and often inadequate security protocols.

Rise in DDoS Attacks

In addition to web application attacks, the APJ region has witnessed a notable increase in Layer 7 distributed denial-of-service (DDoS) attacks, with a 66% year-on-year spike. This region now ranks as the second most targeted globally, achieving a peak of 504 billion attacks by December 2024. Singapore topped the APJ charts with 4.7 trillion attacks over a span of two years, followed by India with 1.1 trillion and South Korea with 607 billion.

Global DDoS Trends

Globally, Layer 7 DDoS attacks soared by 94%, amounting to 7 trillion attacks in 2024. HTTP floods emerged as the predominant threat vector, severely affecting high-tech firms and digital media outlets.

Additional Insights from the Report

Other notable findings from the report include:

• Globally, over 230 billion web attacks were aimed at commerce organisations, establishing it as the most targeted sector.
• The incidents associated with the OWASP API Top 10 increased by 32%, showcasing persistent issues relating to authentication and authorisation flaws.
• Security alerts related to the MITRE ATT&CK framework rose by 30%, signalling an uptick in the use of automation and AI by cybercriminals.
• Shadow and zombie APIs were recognised as especially vulnerable within intricate digital setups.

Reuben Koh, the Director of Security Technology and Strategy at Akamai Technologies APJ, articulated that this surge in attacks highlights the pressing need for more adaptive security strategies. He noted that, as threat actors amplify the scale and sophistication of their attacks, security strategies must evolve correspondingly.

Government Response and Recommendations

In light of these developments, governments across the APJ region have intensified regulatory oversight. Singapore has broadened its cybersecurity laws, Japan has refreshed its national cybersecurity strategy, and Australia has enacted the Cybersecurity Act 2024. Additionally, India’s implementation of the Digital Personal Data Protection Bill illustrates a larger trend toward stricter compliance requirements.

With enforcement deadlines on the horizon, Akamai urges organisations to proactively implement measures such as shift-left security approaches, improved API governance, and AI-driven defenses to combat the evolving threats.

The SOTI report series, now in its 11th year, utilises data from Akamai’s infrastructure, which processes over a third of the world’s web traffic, to provide insights into ongoing cybersecurity trends and risks.