API attacks are specific to cloud-based services as they often provide public-facing application programming interfaces (APIs) for users and services to interact with the cloud environment. An attacker exploiting these APIs could potentially gain unauthorized access or disrupt services. Direct access attacks are more relevant to physical access in on-premises environments. While DDoS and ransomware attacks can affect both cloud-based and on-premises systems, they are not unique to cloud environments, making API attacks the correct answer as they are distinct to cloud services.