IT Brief Asia - Technology news for CIOs & IT decision-makers
Story image

Web application & API attacks surge in APJ financial sector: Akamai Report

The financial services sector in Asia Pacific and Japan (APJ) remains one of the most attacked industries globally, facing a startling 36 percent surge in web application and API attacks. These striking figures were revealed in a new State of the Internet report, "The High Stakes of Innovation: Attack Trends in Financial Services", resulting in over 3.7 billion attacks from Q2 2022 to Q2 2023.

The report, which investigates cyber attack trends, unearthed that Australia, Singapore, and Japan were the top three most targeted countries in APJ. These countries make up for more than three-quarters of all web application and API attacks due to their global financial hub status.

Local File Inclusion (LFI) has remained the top attack vector, with 92.3 percent of the attacks against the APJ finance sector specifically targeting banks. This intense focus poses a severe threat to the financial institutions themselves and their customer base. One of the report's additional significant findings is that APJ financial services organisations are increasingly using third-party scripts, with 40 percent being third-party in nature, as they expand their channels and enhance customer experiences.

"APJ's financial services sector is one of the most innovative and competitive in the world. While financial institutions have turned to third-party scripts to improve their customers' experiences promptly, this increased usage introduces another layer of risk due to limited visibility into potential vulnerabilities and authenticity of these applications," commented Reuben Koh, Security Technology and Strategy Director (APJ), Akamai.

The report also reveals that malicious bot traffic spiked by 128 percent from 2022, outlining the persistent threat to financial services customers and their data. APJ was named the second-most targeted region globally for malicious bot requests against financial services, making up 39.7 percent of all worldwide malicious bot requests.

Web applications and APIs continue to be the preferred attack vectors in APJ. The finance sector alone accounts for 50 percent of attacks of this category, followed by commerce and social media at 19.99 percent and 8.3 percent respectively. Local File Inclusion (LFI) is the leading attack vector, comprising 63.2 percent of attacks.

"The pace of innovation in the financial sector means cyber criminals are always seeking more sophisticated ways to carry out their attacks. The rising popularity of financial aggregators and the adoption of open banking practices will expand attack surfaces even further," warned Koh. He added that while investing in frictionless security measures for users and imparting cyber hygiene education to customers is vital, companies must also prepare for new compliance requirements.

Akamai Technologies, a leading cloud company, powers and protects life online, providing digital experiences for billions globally. Its new report adds valuable insights into the state of cybersecurity in the APJ financial sector, urging the need for enhanced security measures amidst rising threats.

Follow us on: