This is based on one cybersecurity and cloud computing firm’s two year analysis.

Based on its internal user base traffic data for application-layer alerts (Layer 7 DDoS incidents) for a 24-month period from 1 Jan 2023 to 31 Dec 2024, a cybersecurity and cloud computing firm has released some findings to the public.

First, for the period of analysis, customers in the Asia Pacific and Japan (APJ) region had been shown to have experienced a 73% increase in web application attacks year-over-year: the highest percentage increase globally.

Second, in 2024 data, the APJ region recorded a total of 51bn web application attacks, up from 29bn in 2023 data. The finding is that the increase is “closely tied to the rapid adoption of AI applications”.

Other findings

Third, the countries most targeted by web and API attacks in APJ were Australia (20.3bn), India (17.3bn) and Singapore (15.9bn); followed by Japan (6.3bn), China (6.2bn), South Korea (4.9bn), New Zealand (2.9bn), and Hong Kong SAR (2.2bn). Also:

  • Across APJ data, the most attacked industries were financial services (over 27bn web attacks), followed by commerce (over 18bn web attacks), likely linked to accelerated adoption of emerging technologies such as AI.
  • For 2024, the data showed the total number of web and API attacks was 311bn, a 33% increase over the firm’s data for past years.
  • 150bn API attacks were counted in the firm’s two-year data set. During this period of analysis, a 94% increase in Layer 7 (application layer) DDoS attacks had occurred, amounting to 7tn attacks globally, with customers in the high-technology sector being the most impacted industry. Shadow and zombie APIs were noted as particularly vulnerable attack vectors.
  • Monthly attacks had risen from 500bn in early 2023 to more than 1.1tn by the end of 2024. HTTP floods remained the leading Layer 7 DDoS threat, targeting web apps and APIs with persistent severity.
  • APJ data saw a 66% year-over-year growth in Layer 7 DDoS attacks (the second most targeted region globally) and reached a 24-month high, peaking at 504bn in December 2024. The region experienced 7.4tn attacks over the two years, with digital media platforms, including social media and commerce channels the most impacted sectors.
  • Over 230bn web attacks in the data had targeted commerce organizations,making it the most impacted industry globally, followed by the high technology industry.
  • In the data, OWASP API Top 10-related incidents had increased by 32%, while security alerts related to the MITRE security framework were up 30% in the two-year period.

According to Reuben Koh, Director of Security Technology and Strategy, Akamai Technologies (APJ), the firm disclosing its two-year data findings: “As threat actors escalate their attacks in both scale and sophistication, security strategies must thus adapt accordingly.” 

The firm has issued recommendations for adopting “a shift-left security approach, strengthening API governance, and deploying AI-powered defenses to detect and mitigate evolving threats.”