Akamai releases Defenders’ Guide 2025 for APJ region

Akamai Technologies has released the Defenders' Guide 2025 to aid cybersecurity professionals in the Asia Pacific and Japan (APJ) region in tackling emerging cyber threats.

This report, part of Akamai's State of the Internet (SOTI) series, addresses the growing cybersecurity challenges, including VPN abuse and cross-site scripting vulnerabilities.

APJ has become the second most targeted area globally for web application DDoS attacks, witnessing a fivefold increase in such incidents compared to the previous year.

Parimal Pandya, the Senior Vice President and Managing Director of Akamai Technologies APJ, highlighted the dual nature of the digital transformation in the region. "APJ continues to be a key growth driver for businesses, fueled by rapid digital transformation and a dynamic economic landscape. However as organisations accelerate their digital initiatives, the region remains a prime target for increasingly sophisticated cyber attacks, particularly AI-driven attacks," he said. He emphasised that security should facilitate business growth, not hinder it, and noted the guide's role in providing security leaders with practical insights. "Akamai's latest research empowers security leaders across APJ with actionable insights into critical threats, ranging from VPN vulnerabilities to advanced malware techniques, so they can build resilient, research-driven defences that support their business objectives."

The Defenders' Guide 2025 introduces a new risk scoring model aimed at quantifying organisational vulnerabilities through factors such as application importance and network complexity.

The insights provided include endpoint impact analysis and segmentation strategies, with suggestions on mitigating both internal and external risks.

Additionally, the guide delves into the phenomenon of malware metamorphosis by examining botnet families like NoaBot and RedTail, which utilise advanced tactics such as peer-to-peer architectures and fileless malware. It proposes steps like patch management and employee training to address these threats.

With remote and hybrid work models prevalent, VPNs have become essential for many organisations in APJ. Despite the advantages of Zero Trust Network Access (ZTNA), many continue to rely on VPNs, exposing them to security vulnerabilities.

The guide includes new research on VPN abuse, offering solutions such as secure LDAP protocols and regular firmware updates to mitigate threats.

The persistence of cross-site scripting (XSS) vulnerabilities remains a concern, with improper user input handling leading to potential security risks. The guide advocates a "defense in depth" strategy to mitigate these risks, encouraging layered security measures to protect against XSS.

Given the increasing adoption of container technologies like Kubernetes, the guide also addresses security challenges specific to these environments. The analysis of Kubernetes vulnerabilities points to the necessity of proactive measures such as patching and continuous vigilance.

The Defenders' Guide 2025 serves as a comprehensive tool for organisations looking to enhance their cybersecurity frameworks, providing insights into the latest threat landscapes and offering tangible guidance on fortifying defences.