India faces 3000% surge in API cyber attacks: report
India saw a 3000% increase in cyber attacks on application programming interfaces (API) in the July-September quarter, according to a new report.API-focused distributed denial of service (DDoS) attacks were 85% more frequent than those on websites, highlighting the heightened risk landscape for organisations relying heavily on API gateways, cybersecurity company IndusFace said in a quarterly study.
There were 1.2 billion attacks detected during the quarter, including 271 million API attacks.
An API is a set of rules that allow software applications to communicate and interact with each other.
About 377 million DDoS incidents and 215 million bot attacks were detected. This marked a 145% year-over-year increase in bot activity, with DDoS attacks affecting 60% of websites and bot-driven threats impacting 90%, the report said.
“Attackers have traditionally targeted industries using various methods like DDoS attacks and bots. However, we’re now witnessing an evolution in their tactics, with a focus on exploiting websites and APIs using diverse attack vectors,” said Ashish Tandon, founder and CEO of Indusface.
Tandon added that the rise of large language models has significantly lowered the barrier for executing vulnerability attacks, and the study found triple-digit growth in such incidents.
“Alarmingly, over 30% of critical and high-severity CVSS (common vulnerability scoring system) vulnerabilities remain unpatched even six months after discovery,” he said.
Small and medium-sized businesses (SMBs) suffered a 175% higher rate of DDoS attacks per site compared to their larger counterparts, the report said, attributing this to budget constraints.
SMBs saw 354 million cyber attacks during the quarter.
The report also highlighted that the banking, financial services, and insurance (BFSI) sector faced double the industry average in bot attacks, with financial data increasingly targeted for theft and fraud.
Further, every healthcare site experienced bot attacks, exposing significant risks of credential abuse and data theft.
In retail and ecommerce, bot-driven attacks led to a 50% higher rate of vulnerability exploitation compared to DDoS attacks, indicating a broad spectrum of cyber threats, the study found.
Meanwhile, the frequency of attacks in the power and energy sector quadrupled. This was attributed to attackers exploiting lesser-regulated sectors for ransom-focused intrusions.