Apis Under Fire: Over 40,000 Attacks Hit Major Sectors In First Half Of 2025

2025-10-12 05:11:17

(MENAFN- The Arabian Post)

Security systems observed a sharp increase in API incidents in the first half of 2025, with over 40,000 security events targeting more than 4,000 environments globally. These incidents indicate that APIs - the unseen conduits connecting apps, payments and authentication - are now at the forefront of cybercriminal strategies.

Thales' API Threat Report for H1 2025, built on Imperva telemetry, shows APIs represent about 14 percent of an organisation's total attack surface but now draw 44 percent of advanced bot traffic. Attackers are leveraging sophisticated automation. A standout incident involved an application-layer DDoS that peaked at 15 million requests per second against a financial sector API. This large-scale assault underlines how cyber adversaries are combining volume with stealth to bypass traditional defences.

Data-access APIs bore the brunt of attacks, closely followed by checkout- and payment-oriented endpoints. Authentication interfaces accounted for 16 percent, with gift-card or promotion validation endpoints and misconfigured or shadow APIs making up smaller proportions. Shadow APIs - endpoints organisations don't realise they have or monitor poorly - are described as one of the most serious blind spots.

Credential stuffing and account takeover attempts rose significantly for APIs that lack adaptive multi-factor authentication. Data scraping from high-value fields such as email and payment data is a growing bot activity, while fraud involving coupons or payments exploits weak or ill-validated checkout logic. Remote code execution probes, particularly those targeting known vulnerabilities such as Log4j, Oracle WebLogic, and Joomla, make up around 13 percent of the attack profile.

Financial services, already heavily dependent on real-time API-mediated functions, are under particular pressure. They accounted for 27 percent of API-targeted DDoS traffic in the first half of the year. Other industries targeted included travel, telecoms and entertainment, each facing specific but increasingly complex threats.

See also Qualcomm's Arduino Bid Signals Shift For Edge AI Ecosystem

Efforts to detect and govern API risk remain uneven. Surveys indicate that nearly all organisations have encountered API security issues over the past twelve months. Vulnerabilities such as broken object-level authorisation, exposure of sensitive data, and weaknesses in API authentication are prominent. Although many companies are increasing budgets for API security, only a small fraction have advanced programmes in place.

Notice an issue? Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com . We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.

MENAFN12102025000152002308ID1110184393

Legal Disclaimer:
MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.