Digital.ai unveiled findings from its 2024 Application Security Threat Report, which quantifies and emphasizes the widespread risks facing applications operating beyond corporate firewalls, colloquially termed “in the wild”. The report highlights a surge in application attacks, indicative of cybercriminals exploiting the growing dependence on web, mobile, and desktop applications.
The Application Security Threat report examined data about threats identified from monitoring applications under active protection: the likelihood of an app being attacked rose 8% YoY, with gaming apps and financial services apps facing the highest risk of attack at 76% and 67% respectively. The top reasons for the increase in breached applications:
- Tool democratization, like reverse-engineering tools in the hands of hackers
- Increased “jailbreaking” has taken root within the community of hackers
- The surging use of AI/ML increases the productivity of malware developers
“We’re seeing that the appetite for cybercriminals continues to be insatiable,” said Wing To, General Manager of Intelligent DevOps and Security, Digital.ai. “Threat actors are exploiting AI and low-code technologies to attack a growing number of apps—and benefiting from increased precision. Customer-centric enterprises are prioritizing protective measures for the applications their customers rely on daily.”
2024 also saw a significantly sharper uptick in specialized attacks—attacks that violate an application’s integrity through, for example, a malicious change in application code. The likelihood of an app being run with modified code:
- iOS based apps grew from 6% to 20% YoY;
- Android based apps grew from 28% to 63% YoY
Specific to mobile applications, both Android and iPhone attacks are surging; Android apps are more likely to be targeted with environmental attacks (94%) than iPhone apps (70%) due to their Open-Source operating system.
The study found no link between the popularity of an app and frequency of attack.
Survey Methodology
Digital.ai has hundreds of application security customers worldwide who protect over 1 billion instances of applications. The data in this report is anonymized and aggregated global customer data collected over a four-week period from February 1 to February 28, 2024. “Risk,” in this case, is measured from the enterprise creating the application’s perspective. In other words, if 100 enterprises create 100 apps and 58 of those apps experience an attack on one or more instances of that app, the report will state that 58% of apps were under attack.
To read the full Application Security Threat 2024 report, visit the website here.
Related News:
The 2024 Global State of IT Automation Report Unveiled by Stonebranch