Cloudflare releases state of API Security + Q4 DDoS trends 2024


Cloudflare’s 2024 API Security and Management Report shows that businesses are relying on APIs more than ever (57% of all Internet traffic), which in turn opens the door to more online threats than seen before. The report underscores the gap between organisations’ use of APIs and their ability to safeguard the data those APIs touch. It provides an in-depth look at the increased attempts at, and successful exploitation of, API errors, along with how one-third of API mitigations comprised blocking DDoS attacks.

Cloudflare’s Q4 DDoS Trends Report dives into the ways threat actors deployed and attempted to wreak havoc through DDoS campaigns in Q4 2023 (including the largest DDoS attack ever seen in the history of the Internet). Other key findings include a surge in attacks on Palestinian websites amidst the Israel-Hamas war, a 100%+ YoY increase in network-layer attacks, and insights on the most attacked regions and industries.

You can find the full API report here and DDoS report here, as well as a summary of top insights from both reports appended below for easy reference. Please let us know if you have any questions, or would like to connect with someone from Cloudflare on this.

API Highlights:

  • APIs outpace other Internet traffic: Successful API requests accounted for 57% of Internet traffic (dynamic HTTP traffic) processed by Cloudflare.
  • APIs are relied upon by some of the most popular industries: Industries with the highest share of API traffic include the IoT platform, rail/bus/taxi, legal services, multimedia/games, and logistics/supply chain industries.
  • Across the globe, API traffic is spiking: API traffic share was highest in Africa and Asia. API traffic varied the most in the Middle East.
  • APIs face an array of frequent and increasing threats: HTTP Anomaly, Injection attacks, and file inclusion were the top three attack types mitigated by Cloudflare Web Application Firewall (WAF).
  • Top mitigation method: One-third (33%) of API mitigations comprised blocking Distributed Denial of Service (DDoS) attacks.
  • Shadow APIs are a silent killer: Organizations cannot protect what they cannot see, and Cloudflare discovered nearly 31% more API REST endpoints (the points where an API connects with the software program) through machine learning than were discovered via customer-provided session identifiers.

DDoS Highlights:

  • 117% year-over-year increase in network-layer DDoS attacks, and overall increased DDoS activity targeting retail, shipment and public relations websites during Black Friday and the holiday season.
  • DDoS attacks targeting Palestinian websites grew 11-fold as the military conflict between Israel and Hamas continues.
  • Cloudflare mitigated over 2.2 billion HTTP DDoS requests targeting Israeli websites, with newspapers & media making up almost 40% of all attacks.
  • 618-fold surge in DDoS attacks on Environmental Services websites compared to the previous year, coinciding with the 28th United Nations Climate Change Conference (COP 28).
  • Cryptocurrency was the most attacked industry in Q4 by attack volume, followed by gaming & gambling.
