
Security systems observed a sharp increase in API incidents in the first half of 2025, with over 40,000 security events targeting more than 4,000 environments globally. These incidents indicate that APIs — the unseen conduits connecting apps, payments and authentication — are now at the forefront of cybercriminal strategies.
Thales’ API Threat Report for H1 2025, built on Imperva telemetry, shows APIs represent about 14 percent of an organisation’s total attack surface but now draw 44 percent of advanced bot traffic. Attackers are leveraging sophisticated automation. A standout incident involved an application-layer DDoS that peaked at 15 million requests per second against a financial sector API. This large-scale assault underlines how cyber adversaries are combining volume with stealth to bypass traditional defences.
Data-access APIs bore the brunt of attacks, closely followed by checkout- and payment-oriented endpoints. Authentication interfaces accounted for 16 percent, with gift-card or promotion validation endpoints and misconfigured or shadow APIs making up smaller proportions. Shadow APIs, meaning endpoints that organisations do not realise they have or that they monitor poorly, are described as one of the most serious blind spots.
Credential stuffing and account takeover attempts rose significantly for APIs that lack adaptive multi-factor authentication. Scraping of high-value fields such as email and payment data is a growing bot activity, while coupon and payment fraud exploits weak or poorly validated checkout logic. Remote code execution probes, particularly those targeting known vulnerabilities such as Log4j, Oracle WebLogic, and Joomla, make up around 13 percent of the attack profile.
Financial services, already heavily dependent on real-time API-mediated functions, are under particular pressure. They accounted for 27 percent of API-targeted DDoS traffic in the first half of the year. Other industries targeted included travel, telecoms and entertainment, each facing specific but increasingly complex threats.
Efforts to detect and govern API risk remain uneven. Surveys indicate that nearly all organisations have encountered API security issues over the past twelve months. Vulnerabilities such as broken object-level authorisation, exposure of sensitive data, and weaknesses in API authentication are prominent. Although many companies are increasing budgets for API security, only a small fraction have advanced programmes in place.