Akamai Technologies calls for more security control against API fraud


Cloud company Akamai Technologies has released its findings on financial sector threats, highlighting a worrying surge in API cyber attacks. 

Criminals are becoming more sophisticated, according to the firm, with API fraud rates not only increasing “with an alarming rate”, but also growing in complexity. 

In its paper titled “Enemy at the Gates”, Akamai further highlights that around 80% of all cyber attacks are aimed at individual customers rather than the service providers themselves, as this often is “the path of least resistance” when it comes to fraud. 

As it is revealed, financial services are the main target for several fraud verticals, including API attacks, DDoS, phishing, zero day exploitation, and botnet activities. 

The biggest surge in attacks can be seen with API attacks, where there is a 257% growth in the number of attacks against financial services year-on-year. 

According to Akamai, API fraud is most prominent in the Asia-Pacific region, where it’s grown by 449%, coinciding with the increasing number of cyberattacks there. Japan, India and Australia are the counties with the highest API attacks in that part of the world. 

For Latin America, digitisation and lack of good cybercrime governance could be the reasons behind the region’s second place in global API attack rates, Akamai suggests. A spike of 419% in attacks over the last year, in addition to the usual high number of cyber crime cases, costs the region $90bn in damages annually.

Moving into Europe, Akaimi reports that DDoS attacks against financial services have increased by 73% this year alone, making the EMEA the most preferred region for this type of fraud. This interestingly moves the spotlight away from the US, who usually sits in first place. Akaimi notes that the ongoing war between Russia and Ukraine could have played a role in this. 

Steve Winterfeld, Advisory CISO for Akamai, commented: “Financial services is one of the most attacked industries when new vulnerabilities are discovered, a favourite target of DDoS attacks and continuously focused on by phishing campaigns, which are aimed at their customers who suffer the brunt of these attacks.

“Attackers will always find ways to infiltrate your network or impact your customers. Understanding attack surfaces could provide insights into key risks and therefore allow organisations to devise security controls and mitigation plans to better protect customers.”