Web attacks in EMEA hit two-year high, Akamai warns

Akamai has published research showing that web attacks in Europe, the Middle East and Africa have reached a two-year high, with attack volumes in the region up 36% year on year.

The figures are part of Akamai's 2026 Apps, APIs, and DDoS State of the Internet report, which also found that application-layer DDoS attacks rose 104% worldwide over the past two years. In EMEA, Layer 7 DDoS attacks increased 37% year on year, reaching 188 billion in November 2025.

The report identifies APIs as a key point of weakness as organisations expand their use of artificial intelligence tools and connected applications. It found that 87% of organisations surveyed reported an API-related security incident in 2025, while the average number of daily API attacks rose 113% year on year.

Web attack attempts across the region have been climbing since early 2024, with a sharp jump in the final quarter of 2025. In that quarter, the average number of attack attempts was 69% higher than in each of the previous seven quarters.

Sector targets

Retail and manufacturing were among the most exposed sectors in the EMEA data. Retailers faced 15.5 billion web attack attempts in 2025, while manufacturers recorded 12 billion, bringing the combined total to 27.5 billion.

That figure represented a 30% annual increase. The findings warn that attacks at this scale can lead to long recovery periods and put pressure on organisations with uneven security resources.

The report also suggests the broader web application threat picture is worsening, with web application attacks rising 73% globally between 2023 and 2025.

DDoS pressure

EMEA has become the most targeted region for Layer 3 and Layer 4 DDoS attacks, with 4,750 incidents recorded over the past two years. Peaks in activity closely tracked geopolitical events and periods of heightened hacktivist activity.

The data also points to a shift in attack methods, with threat actors moving from more manual operations to automated, repeatable campaigns. Attackers are increasingly combining API abuse, web application attacks and Layer 7 DDoS activity within the same operations.

Akamai linked that shift to the wider availability of rentable botnets and attack scripts, which lower the cost and technical barrier to launching disruptive campaigns. It also highlighted the role of so-called DDoS-for-hire services and botnets derived from Mirai, including Aisuru and Kimwolf, in supporting both criminal and hacktivist groups.

Patrick Sullivan, Chief Technology Officer of Security Strategy at Akamai, said the focus has shifted away from attacks designed mainly to generate publicity. "Attackers increasingly focus on degrading performance, driving up infrastructure costs, and exploiting AI-driven automation at scale, rather than seeking headline-grabbing campaigns," he said.

He said automation is changing the economics of online attacks. "Automation and AI are making these sophisticated campaigns cheap, repeatable, and fast. And as enterprises invest heavily in AI transformation, attackers are targeting the APIs that power that transformation," Sullivan said.

Security gaps

The findings argue that many organisations still treat application security and API security as separate issues, even though attackers exploit them together. That separation creates blind spots, making it easier for attackers to move across systems through a single route of compromise.

The report also flagged risks from "vibe coding", a term for software built quickly with AI assistance, warning that it can introduce vulnerabilities and misconfigurations that reach production without adequate testing. That issue comes alongside the growth in politically motivated DDoS activity and the spread of low-cost automated attack tools.

The annual report draws on traffic and attack data observed across Akamai's cybersecurity infrastructure. Its clearest regional warning is the sharp rise in web attacks in EMEA, where the latest quarter stood well above the levels recorded across the previous seven quarters.