API Attacks Surge: 40,000 Incidents in H1 2025 Threaten Businesses Worldwide
Businesses worldwide are grappling with a surge in illicit cyber security activity, with APIs emerging as a new front. The Thales 2025 API Threat Report reveals a staggering 40,000 API-based attacks in just the first half of the year, targeting sectors like financial services, telecommunications, and travel.
Cybersecurity professionals are battling a tough landscape. Attacks are escalating in frequency and sophistication, with APIs now in the crosshairs. APIs, integral to modern business, facilitate communication between software. However, they're under siege, with bots accounting for 44% of advanced bot activity, a significant increase from 14% of all attacks.
The report highlights alarming trends. Over 4,000 environments detected more than 40,000 API-based attacks. Data access was the target in 37% of these incidents. Moreover, API-based attacks can generate application-layer distributed denial-of-service attacks, reaching a staggering 15 million requests per second.
Businesses are struggling to keep up, hamstrung by insufficient budgets and talent gaps in cyber security. As APIs become increasingly vital, so does their protection. The report underscores the urgent need for robust API security measures and investment in cyber security talent.
