Just in:
AI tools sharpen cybercrime as quishing surges // Dealing.com claims record for tokenised stock access // Xsolla and Management and Science University (MSU) Sign Memorandum of Understanding (MOU) to Connect Future Game Developers With Global Commercial Opportunities // Louis Vuitton Celebrates 130 Years of the Monogram // Shein targets $3 billion Hong Kong market debut // Dubai-Botswana pact opens new commodity trade corridor // Inflation In India Rising Sharply Since January 2026, Highest In June // Rival cyber spies penetrate Pakistan police networks // Masdar secures $5.1 billion for round-the-clock solar // Paymentology and T2P partner to accelerate the future of card issuing in Thailand // Armacell Deepens Asia‑Pacific Industry Engagement to Drive Energy Efficiency, Sustainability and Fire Safety // Gadkari’s Ethanol Defence Is Losing The Public Argument // First Energy Africa Oil Corp. Strengthens Board with Appointment of Industry Veterans Simon Akit and Frederick Kozak // A SIM Guide to Comparing Graduate Salaries and Employability in Singapore // Central & Western District Youth-to-Career Explo Connects Hong Kong Youth to Future Careers in AI Era // AI-Generated Deepfakes Are Eroding Social Trust // DITP Launches THAI SELECT Festival 2026 in New York to Strengthen U.S. Market Opportunities for Thailand’s Food Industry // SBI Funds draws sovereign wealth funds to IPO // Anthropic extends Fable access as model rumours intensify // De Beers halts Venetia output amid diamond slump //

APIs Under Fire: Over 40,000 Attacks Hit Major Sectors in First Half of 2025

Security systems observed a sharp increase in API incidents in the first half of 2025, with over 40,000 security events targeting more than 4,000 environments globally. These incidents indicate that APIs — the unseen conduits connecting apps, payments and authentication — are now at the forefront of cybercriminal strategies.

Thales’ API Threat Report for H1 2025, built on Imperva telemetry, shows APIs represent about 14 percent of an organisation’s total attack surface but now draw 44 percent of advanced bot traffic. Attackers are leveraging sophisticated automation. A standout incident involved an application-layer DDoS that peaked at 15 million requests per second against a financial sector API. This large-scale assault underlines how cyber adversaries are combining volume with stealth to bypass traditional defences.

Data-access APIs bore the brunt of attacks, closely followed by checkout- and payment-oriented endpoints. Authentication interfaces accounted for 16 percent, with gift-card or promotion validation endpoints and misconfigured or shadow APIs making up smaller proportions. Shadow APIs — endpoints organisations don’t realise they have or monitor poorly — are described as one of the most serious blind spots.

ADVERTISEMENT

Credential stuffing and account takeover attempts rose significantly for APIs that lack adaptive multi-factor authentication. Data scraping from high-value fields such as email and payment data is a growing bot activity, while fraud involving coupons or payments exploits weak or ill-validated checkout logic. Remote code execution probes, particularly those targeting known vulnerabilities such as Log4j, Oracle WebLogic, and Joomla, make up around 13 percent of the attack profile.

Financial services, already heavily dependent on real-time API-mediated functions, are under particular pressure. They accounted for 27 percent of API-targeted DDoS traffic in the first half of the year. Other industries targeted included travel, telecoms and entertainment, each facing specific but increasingly complex threats.

Efforts to detect and govern API risk remain uneven. Surveys indicate that nearly all organisations have encountered API security issues over the past twelve months. Vulnerabilities such as broken object-level authorisation, exposure of sensitive data, and weaknesses in API authentication are prominent. Although many companies are increasing budgets for API security, only a small fraction have advanced programmes in place.



Notice an issue?

Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.


ADVERTISEMENT
Social Media Auto Publish Powered By : XYZScripts.com
Just in:
Dubai diamond trade reaches record $41.7 billion // Dealing.com claims record for tokenised stock access // Masdar secures $5.1 billion for round-the-clock solar // Gadkari’s Ethanol Defence Is Losing The Public Argument // Shein targets $3 billion Hong Kong market debut // Enshi Suobuya Stone Forest in China Launches Rich Cultural Experiences to Welcome Southeast Asian Tourists // Central & Western District Youth-to-Career Explo Connects Hong Kong Youth to Future Careers in AI Era // Paymentology and T2P partner to accelerate the future of card issuing in Thailand // Anthropic extends Fable access as model rumours intensify // Xsolla and Management and Science University (MSU) Sign Memorandum of Understanding (MOU) to Connect Future Game Developers With Global Commercial Opportunities // Armacell Deepens Asia‑Pacific Industry Engagement to Drive Energy Efficiency, Sustainability and Fire Safety // Alessio Vinassa: ‘Generative AI Is the Most Important Creative Tool Since the Camera — and the Most Misunderstood’ // SBI Funds draws sovereign wealth funds to IPO // AI tools sharpen cybercrime as quishing surges // Dubai-Botswana pact opens new commodity trade corridor // HKSTP Park Company Wins 2nd Runner-Up in Rocket Fuel East Startup Competition // DITP Launches THAI SELECT Festival 2026 in New York to Strengthen U.S. Market Opportunities for Thailand’s Food Industry // Fynd brings AI fashion platform to Gulf // Lever Style Reports 2026 Interim Financial Results // A SIM Guide to Comparing Graduate Salaries and Employability in Singapore //