According to a new report from Thales, more than 40,000 API incidents were recorded in the first half of 2025. Attackers primarily target the financial sector, telecommunications, and the travel industry.
The figures from Thales’ recent API Threat Report 2025 show that more than 40,000 API incidents were recorded in the first half of 2025. According to the company, this is a worrying increase in the number of cyberattacks targeting the invisible but essential connections between apps, payment systems, and login functionalities.
APIs as the Main Target
“APIs are the connective tissue of the digital economy, but that also makes them the most attractive attack surface,” begins Tim Chang, Vice President of Application Security Products at Thales. Unlike traditional DDoS campaigns that try to overload bandwidth, this attack specifically targeted the application layer.
According to Thales’ recent API Threat Report, more than 40,000 API incidents were recorded in H1 2025, with an average of 220 per day. The attacks are increasingly targeting sensitive data, such as email addresses and payment information, with data scraping accounting for 31 percent of bot activities. Moreover, credential stuffing is increasing by 40 percent, especially for APIs without adaptive multi-factor authentication (MFA).
Financial Sector
The financial sector, telecommunications, and travel industry appear to be particularly vulnerable to API attacks. A notable incident was a record-breaking DDoS attack of fifteen million requests per second against a financial service provider’s API. This attack targeted the API’s application layer rather than the network layer, making it even more difficult for companies to distinguish malicious traffic from legitimate requests.
The Thales API Threat Report emphasizes that APIs are now the primary focus for cybercriminals, who are employing advanced techniques to disrupt businesses.