Cybercriminals Shift Focus to APIs: Over 40,000 API-Related Cyber Attacks Reported in the First Half of 2025

APIs, the hidden links powering apps, transactions, and logins, have emerged as the favored target for cybercriminals, according to Thales' API Threat Report (H1 2025). In more than 4,000 tracked settings, Thales documented over 40,000 API-related incidents during the first half of 2025....

In the first half of 2025, a significant surge in cyberattacks targeting Application Programming Interfaces (APIs) has been observed, with the financial services sector bearing the brunt of these attacks. According to the Thales API Threat Report, APIs now attract 44% of advanced bot traffic, despite representing only 14% of overall attack surfaces.

The report warns that APIs have become the primary target for cybercriminals, with financial services leading the pack at 27%. This is reflective of the sector's heavy reliance on APIs for real-time transactions, making them an attractive target.

Remote code execution (RCE) probes account for 13% of these attacks, with Log4j, Oracle WebLogic, and Joomla being the most targeted Common Vulnerabilities and Exposures (CVEs). Tim Chang, Vice President Application Security Products at Thales, stated that APIs are the most attractive attack surfaces in the digital economy and that we are witnessing a shift in how criminals operate, bending business logic against organizations.

One such attack was a record-breaking 15 million requests-per-second (RPS) application-layer DDoS against a financial services API. It was aimed specifically at the application layer, exploiting the API to exhaust resources and disrupt operations.

Coupon and payment fraud represents 26% of these attacks, exploiting promo loops and weak checkout validation. Data scraping accounts for 31% of API bot activity, often targeting high-value fields such as email addresses and payment details.

Shadow APIs remain a critical blind spot, with organisations typically having 10-20% more active APIs than they are aware of. Attackers are combining scale with stealth, using massive botnets and headless browsers to mimic legitimate API requests.

In H1 2025, API incidents averaged over 220 per day and are projected to exceed 80,000 by year-end if trends continue. Over 40,000 API incidents were recorded by Thales in the first half of 2025 across more than 4,000 monitored environments. Credential-stuffing and account takeover attempts rose 40% on APIs without adaptive Multi-Factor Authentication (MFA).

The company F5, Inc. also hired a Vice President for Application Security products in the first half of 2025, signalling a growing focus on securing APIs in the digital economy.

By industry, financial services lead with 27%, followed by travel with 14%, entertainment & arts with 13%, and telecoms and ISPs with 10%.

As the digital economy continues to evolve, it is crucial for organisations to prioritise API security to protect their critical infrastructure and customer data from cyber threats.
