Key Takeaways
- A new report from Thales has identified a massive spike in API-based cyberattacks, with more than 40,000 detected across 4,000 environments in the first half of 2025.
- APIs enable two pieces of software to talk to each other, and they’re an integral technology component of modern business.
- Data is still the most desirable asset for cybercriminals, with access to information targeted in 37% of cases.
- Overwhelmingly, bots are now targeting APIs — despite API-based attacks making up a relatively small fraction of overall cyberattacks.
- Businesses face a race against time to improve their defenses — or they could pay a heavy price.
There’s been an alarming surge in API-based cyberattacks during the first half of 2025, with researchers from Thales observing more than 40,000 such incidents across 4,000 monitored environments since the start of the year.
APIs are becoming the preferred attack vector of cybercriminals because attacks on them can be fully automated, meaning that attackers can execute millions of malicious requests with ease. The attacks in question are often highly sophisticated, and thus harder to detect and deter.
Security experts face an unprecedented challenge. In 2025, the threat landscape is constantly shifting, with bad actors deploying new and increasingly complex methods to dupe unsuspecting businesses and individuals. And with most institutions woefully underprepared for this worsening situation, things could get a lot worse before they start getting better.
More Than 40,000 API-Based Attacks Have Been Detected
New research from Thales finds that over 40,000 API-based cyberattacks have been detected since the start of the year, heralding a massive spike in attacks of this kind. Examining over 4,000 different environments during the first half of 2025, the API Threat Landscape Report concludes that APIs are the new attack vector of choice for many cybercriminals.
APIs, or application programming interfaces, enable two different pieces of software to communicate with one another. They’re the bedrock of modern technology organizations — and thus particularly valuable targets for illicit actors.
What’s more, targeting APIs doesn’t require the same degree of human interaction, so attackers can launch fully automated campaigns to execute a high volume of malicious requests with minimal involvement.
Findings Indicate That Attack Vectors Are Shifting
Among the other findings, the Thales report concludes that data is still king, with cybercriminals seeking data access in 37% of cases. The next most popular targets are checkout and payment (32%) and authentication (16%).
The report also finds that attackers are harnessing bot activity to carry out an extraordinarily high portion of their campaigns. According to the data, 44% of “advanced bot activity” now targets APIs — despite API-based attacks comprising just 14% of all attacks. This disproportionate focus suggests that attackers recognize that APIs represent a potential goldmine, and it points to a future in which they double down on their efforts.
What’s more, Thales researchers observed situations in which individual campaigns were able to generate application-layer distributed denial-of-service attacks that reached 15 million requests per second. In other words, today’s bad actors are exhibiting a high level of ambition and coordination in their campaigns.
Cybersecurity Landscape Going From Bad to Worse
It’s a tough time to be a cybersecurity employee. Week after week, the evidence grows that attacks are becoming more frequent and harder to detect. It was recently reported that attempted breaches of educational facilities were on the rise, while at the same time, scammers are impersonating cybercrime agents themselves.
To make matters worse, the business world is unable to cope with this surge in illicit activity. Insufficient cybersecurity budgets, coupled with a yawning talent gap, have left many companies stranded with a problem that is becoming harder and harder to manage.
A good place to start is upskilling your existing workforce. As our own research indicates, there’s a shocking lack of cybersecurity acumen across the tech landscape, with 98% of senior leaders unable to identify all the signs of a phishing scam. One thing is certain: the current situation is unsustainable, and without drastic action, the results could be catastrophic.