Application attacks are on the rise across EMEA. As reported by Akamai in its State of the Internet report, monthly attacks on APIs and web applications in the first six months of 2024 in Europe, the Middle East and Africa (EMEA) are growing exponentially. The report Digital Fortresses Under Threat: How to Protect Modern Application Architectures highlights how 40% of these web attacks target APIs. This figure is not surprising, given the high adoption of APIs in EMEA, which is partly due to regulations.

The number of DDoS attacks on layers 3 (Network) and 4 (Transport) also grew steadily in EMEA, surpassing the figure recorded in North America in five of the last seven months analysed. The financial services sector bore the brunt of the attack, with 1,523 attacks. The manufacturing sector came in second, with 890. Russian hacktivist groups declared their intention to launch DDoS attacks on the European banking system, and we assume that the main reason for the increase in DDoS attacks on the financial services sector is this geopolitical hacktivism.

The report “Digital Fortresses Under Threat: How to Protect Modern Application Architectures” sheds light on several points:

● The three countries most affected by attacks on web applications and APIs were Spain (12.7 billion), the Netherlands (15.6 billion) and the United Kingdom (20.5 billion).

● Retail was the sector most affected by web attacks in EMEA, with many attacks on APIs, and also by DDoS attacks on layer 7 (Application).

● Layer 7 DDoS attacks targeting APIs remained fairly stable at 25%.

● In EMEA, the areas with the highest number of layer 7 DDoS attacks were Germany (461 billion) and the UK (366 billion), followed by Sweden (167 billion).

In the words of Francisco Arnau, Akamai Regional Vice President for Spain and Portugal: “Europe is suffering from a flood of API attacks. Applications facilitate communications, but they can also be a company’s Achilles heel if not effectively protected. The increase in attacks on web applications and APIs in EMEA underlines the importance of properly protecting networks to prevent this larger attack surface from being exploited. Beyond the economic and reputational damage, it is a question of compliance with essential European directives such as NIS2 and DORA.”