Asia Pacific and Japan see 51bn web attacks in 2024, driven by AI use
As AI reshapes digital ecosystems, its dual role as both shield and sword underscores the urgent need for smarter, faster, and more adaptive cybersecurity strategies.
- Apr 24, 2025,
- Updated Apr 24, 2025 6:14 PM IST
The Asia Pacific and Japan (APJ) region experienced a 73% year-on-year rise in web application attacks in 2024, according to a new report from cybersecurity firm Akamai Technologies. The surge, detailed in Akamai’s latest State of the Internet (SOTI) report, is being attributed to the rapid adoption of artificial intelligence (AI) technologies, which are expanding the attack surface and increasing the sophistication of cyber threats.
The report, titled "State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain", reveals that the region saw 51 billion web application attacks last year, up from 29 billion in 2023. Australia, India, and Singapore emerged as the most targeted countries, with 20.3 billion, 17.3 billion, and 15.9 billion attacks respectively.
The financial services and commerce sectors were the most affected, accounting for over 27 billion and 18 billion attacks respectively. The global picture was similarly concerning, with 311 billion web application attacks recorded worldwide in 2024, a 33% increase compared to the previous year.
One key focus of the report is the vulnerability of application programming interfaces (APIs), which are increasingly used to integrate AI tools with business platforms. Between January 2023 and December 2024, Akamai observed 150 billion global API attacks, many of which exploited weak authentication and automation-friendly entry points. The report identifies AI-powered APIs as especially at risk due to their external exposure and often insufficient security controls.
In addition to web application threats, the APJ region saw a sharp rise in Layer 7 distributed denial-of-service (DDoS) attacks, with volumes increasing by 66% year-over-year. The region was the second most targeted globally, reaching a peak of 504 billion attacks in December 2024. Singapore recorded the highest number within APJ, facing 4.7 trillion attacks over two years, followed by India (1.1 trillion) and South Korea (607 billion).
Globally, Layer 7 DDoS attacks surged by 94%, totalling 7 trillion attacks in 2024. HTTP floods remained the dominant threat vector, particularly impacting high-tech companies and digital media platforms.
Additional findings in the report highlight:
- Over 230 billion web attacks were directed at commerce organisations globally, making it the most targeted industry.
- Incidents related to the OWASP API Top 10 rose by 32%, indicating ongoing issues with authentication and authorisation flaws.
- Security alerts linked to the MITRE ATT&CK framework increased by 30%, reflecting greater use of automation and AI by malicious actors.
- Shadow and zombie APIs were identified as particularly vulnerable within complex digital ecosystems.
Reuben Koh, Director of Security Technology and Strategy at Akamai Technologies APJ, stated that the rise in attacks underscores the urgent need for more adaptive security strategies. "As threat actors escalate their attacks in both scale and sophistication, security strategies must thus adapt accordingly," he said.
Governments across the region are responding with heightened regulatory oversight. Singapore has expanded its cybersecurity legislation, Japan has updated its national cybersecurity strategy, and Australia passed the Cybersecurity Act 2024. India’s implementation of the Digital Personal Data Protection Bill also reflects a broader move towards stricter compliance requirements.
With enforcement deadlines approaching, Akamai advises organisations to adopt proactive measures such as shift-left security approaches, enhanced API governance, and AI-based defences to mitigate evolving threats.
The SOTI report series, now in its 11th year, leverages data from Akamai’s infrastructure, which processes over a third of global web traffic, to offer insights into cybersecurity trends and risks.
For Unparalleled coverage of India's Businesses and Economy – Subscribe to Business Today Magazine
The Asia Pacific and Japan (APJ) region experienced a 73% year-on-year rise in web application attacks in 2024, according to a new report from cybersecurity firm Akamai Technologies. The surge, detailed in Akamai’s latest State of the Internet (SOTI) report, is being attributed to the rapid adoption of artificial intelligence (AI) technologies, which are expanding the attack surface and increasing the sophistication of cyber threats.
The report, titled "State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain", reveals that the region saw 51 billion web application attacks last year, up from 29 billion in 2023. Australia, India, and Singapore emerged as the most targeted countries, with 20.3 billion, 17.3 billion, and 15.9 billion attacks respectively.
The financial services and commerce sectors were the most affected, accounting for over 27 billion and 18 billion attacks respectively. The global picture was similarly concerning, with 311 billion web application attacks recorded worldwide in 2024, a 33% increase compared to the previous year.
One key focus of the report is the vulnerability of application programming interfaces (APIs), which are increasingly used to integrate AI tools with business platforms. Between January 2023 and December 2024, Akamai observed 150 billion global API attacks, many of which exploited weak authentication and automation-friendly entry points. The report identifies AI-powered APIs as especially at risk due to their external exposure and often insufficient security controls.
In addition to web application threats, the APJ region saw a sharp rise in Layer 7 distributed denial-of-service (DDoS) attacks, with volumes increasing by 66% year-over-year. The region was the second most targeted globally, reaching a peak of 504 billion attacks in December 2024. Singapore recorded the highest number within APJ, facing 4.7 trillion attacks over two years, followed by India (1.1 trillion) and South Korea (607 billion).
Globally, Layer 7 DDoS attacks surged by 94%, totalling 7 trillion attacks in 2024. HTTP floods remained the dominant threat vector, particularly impacting high-tech companies and digital media platforms.
Additional findings in the report highlight:
- Over 230 billion web attacks were directed at commerce organisations globally, making it the most targeted industry.
- Incidents related to the OWASP API Top 10 rose by 32%, indicating ongoing issues with authentication and authorisation flaws.
- Security alerts linked to the MITRE ATT&CK framework increased by 30%, reflecting greater use of automation and AI by malicious actors.
- Shadow and zombie APIs were identified as particularly vulnerable within complex digital ecosystems.
Reuben Koh, Director of Security Technology and Strategy at Akamai Technologies APJ, stated that the rise in attacks underscores the urgent need for more adaptive security strategies. "As threat actors escalate their attacks in both scale and sophistication, security strategies must thus adapt accordingly," he said.
Governments across the region are responding with heightened regulatory oversight. Singapore has expanded its cybersecurity legislation, Japan has updated its national cybersecurity strategy, and Australia passed the Cybersecurity Act 2024. India’s implementation of the Digital Personal Data Protection Bill also reflects a broader move towards stricter compliance requirements.
With enforcement deadlines approaching, Akamai advises organisations to adopt proactive measures such as shift-left security approaches, enhanced API governance, and AI-based defences to mitigate evolving threats.
The SOTI report series, now in its 11th year, leverages data from Akamai’s infrastructure, which processes over a third of global web traffic, to offer insights into cybersecurity trends and risks.
For Unparalleled coverage of India's Businesses and Economy – Subscribe to Business Today Magazine