"In more than 4,000 monitored environments, the security company recorded an average of more than 220 API incidents per day. Although APIs account for only 14 percent of the total attack surface, they now attract 44 percent of advanced bot traffic. These figures illustrate a fundamental shift in the way cybercriminals operate. They are deploying their most advanced automation on the workflows that form the core of critical business processes."
"The financial sector appears to be particularly vulnerable. In the first half of 2025, 27 percent of all API-targeted DDoS traffic was directed at financial services. This sector is heavily dependent on APIs for real-time transactions such as balance checks, transfers, and payment authorizations. The distribution of attacks shows a clear pattern. Data access APIs are the most targeted (37 percent), followed by checkout and payment APIs (32 percent). Authentication endpoints account for 16 percent of targets,"
API attacks reached a record high in the first half of 2025 with more than 40,000 incidents and a record application-layer DDoS of 15 million requests per second targeting a financial services API. More than 220 API incidents occurred per day across over 4,000 monitored environments. APIs represent 14 percent of the total attack surface but attract 44 percent of advanced bot traffic. Financial services received 27 percent of API-targeted DDoS traffic and rely heavily on APIs for real-time transactions. Data access APIs (37 percent) and checkout/payment APIs (32 percent) are the most targeted. If current trends continue, incidents may exceed 80,000 by year end.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]