From the viewpoint of one cloud content delivery and security firm, these trends are indicators of the 2024 cyber threat landscape.

In the third quarter of 2023, one content delivery network and cloud security noted that application programming interfaces were being leveraged by businesses more than ever — ultimately opening the door to more online threats than before. 

Also, the firm, Cloudflare, noted the ways that threat actors deployed and attempted to wreak havoc through distributed denial of service (DDoS) campaigns in Q4 2023 — including the largest DDoS attack ever seen in the history of the Internet. 

The firm’s reports on API Security/Management and DDOS Trends offer the following factoids pertaining to its own ecosystem users in Q4 2023: 

API threat highlights:

    • APIs outpaced other types of internet traffic: Successful API requests accounted for 57% of Internet traffic (dynamic HTTP traffic) processed.
    • Industries with the highest share of API traffic: IoT platforms; rail/bus/taxi; legal services; multimedia/games; and logistics/supply chain industries.
    • API traffic spiked: In Q4, API traffic share was highest in Africa and Asia, and varied the most in the Middle East region.
    • Top API threats in terms of frequent and extent: HTTP Anomaly; injection attacks; and file inclusion were the top three attack types registered on the firm’s Web Application Firewall service.
    • Top mitigation method: 33% of API mitigations comprised blocking DDoS attacks.
    • Shadow APIs were a silent killer: There was a 31% increase in API REST endpoints (when an API connects with the software program) through machine learning-based discovery than customer-provided session identifiers — suggesting that nearly a third of APIs encountered were “Shadow APIs” that may not be properly inventoried and secured.

DDoS threat highlights:

    • Q4 saw a 117% year-over-year increase in network-layer DDoS attacks: There was overall increased DDoS activity targeting retail, shipment and public relations websites during Black Friday and the holiday season.
    • DDoS attacks targeting Palestinian websites grew 11-fold
    • Over 2.2bn HTTP DDoS requests targeting Israeli websites were intercepted: Newspapers and media made up almost 40% of all attacks in Q4.
    • There was a 618-fold surge in DDoS attacks on Environmental Services websites: This coincided with the 28th United Nations Climate Change Conference (COP 28).
    • Cryptocurrency was the most attacked industry by attack volume: This was followed by the gaming and gambling sectors in the last quarter of 2023.
    • China was the #1 most attacked country: Network-layer attacks comprised 45% of all attacks recorded in the firm for the quarter.