DDoS attacks on APIs have become increasingly problematic, as revealed by the StormWall analytical center's latest report, which indicates these attacks doubled in the fourth quarter of 2024 compared to the same period last year. A staggering 70% of these targeted the retail and banking sectors, underscoring the urgency for these industries to strengthen their defenses.
During this reporting period, retail faced 38% of the DDoS attacks—representing a significant surge of 26%—while the banking sector encountered 32% of attacks, which translates to a 22% increase. The rise can be attributed to heightened consumer activity during major shopping events like 'Black Friday' and the ever-growing preparation for the New Year holidays. This peak period saw substantial increases in payment transactions, drawing the attention of hackers eager to exploit possible vulnerabilities.
StormWall notes, “DDoS attacks on APIs are aimed at overloading servers processing API requests, which makes the API unavailable to legitimate users.” This new wave of attacks often mimics legitimate traffic, which complicates detection efforts compared to more traditional attacks such as HTTP Flood. Because request patterns from APIs can appear innocuous, hackers are able to infiltrate systems without immediate detection, making this persistent threat hard to eliminate.
Experts warn about the dire consequences associated with these attacks. The impacts include not only immediate service outages but also significant reputational damage. For online retailers, downtime is devastating; they risk losing customers to competitors due to accessibility issues. Likewise, banks face potential transaction failures, which can lead to customer distrust.
“The main negative consequences of such attacks include loss of service availability, which leads to downtime, degraded user experience, financial losses due to business process disruption, and reputational damage,” StormWall adds, emphasizing the foundational problems these attacks create for businesses.
Interestingly, these DDoS attacks require little effort to initiate. The allure for attackers lies within the chaos of the holiday shopping season when operational focus is stretched thin. With increased transactions, employees are often more distracted, opening up windows of opportunity for infiltration. For example, just recently, customers from the home internet and services operator Beeline reported outages across various systems, with their infrastructure subjected to DDoS attacks.
Looking forward, businesses must prioritize the establishment of safety protocols against DDoS attacks on APIs. Recommended measures include the implementation of systems for traffic monitoring to identify anomalies, employing Web Application Firewalls (WAF) to filter out harmful traffic, and ensuring regular data backups and incident response plans are put in place.
With the ever-evolving cyber threat environment and the notable increase in DDoS attacks, retail and banking sectors must be vigilant. Active measures to combat such attacks will not only protect their operations but also improve customer experience and trust.