App security threat report results from Digital Ai

Digital.ai announced the results of its 1st annual Application Security Threat Report, illuminating and quantifying the risks to applications in the wild. The results reveal that 57% of all monitored apps are under attack, with gaming (63%) and FinServ (62%) the most likely to be attacked. The study found no correlation between an app’s popularity and likelihood of being attacked but found Android apps are more likely to be put in unsafe environments (76%) than iOS apps (55%). Android apps are also more likely (28%) to be run with modified code than iOS apps (6%). Digital.ai surveyed its application security customers around the globe, based on point-in-time data collected from February 1 -  February 28, 2023.

Digital.ai’s Threat Analytics Report study helps security professionals identify threats to apps so that they can better apply defenses to apps.

“There were a staggering 100 billion mobile app downloads in 2021 alone. Between curious actors and threat actors, the reasons and motivations for attacks on any app are varied and increasing. In lucrative industries such as gaming and financial services, there is money to be made and desirable “street cred” from hacking games. Our customers have determined that building security into their apps is the best way to prevent attacks on their apps," said Greg Ellis, General Manager, Application Security, Digital.ai.

A confluence of factors helps to explain the high likelihood of an attack in 2023.

The pace of tool democratization among threat actors has accelerated. Reverse-engineering tools such as Ghidra and dynamic instrumentation toolkits such as Frida have recently become more sophisticated and popular.

The advent of cryptocurrencies and P2P payment apps makes it much easier for threat actors to “cash out” of schemes, particularly if ransomware is involved.

The nationalization of attacks has opened up enormous resources for threat actors.

“Application owners know all too well the pressures of creating more apps, faster, especially with the addition of AI-code assist tools. This leads to security getting short-changed; it is often not included in the DevOps process or it is seen as an impediment without an obvious starting point. Digital.ai's platform enables teams to inject security capabilities and procedures early into the development cycle, without blocking innovation or slowing down the development and delivery process. This means security teams can monitor applications in production for better visibility into when apps are at risk," said Derek Holt, CEO, Digital.ai.

Risks to apps by industry

After analyzing results from multiple industry sectors, the study found that gaming (63%) apps and FinServ apps (62%) are the most likely to be attacked. The stakes are high in in the $250B gaming industry. Selling pirated games in grey-market app stores such as Cydia can give hackers direct income. In addition, money can be made in the micro-economies that popular games create and foster. Those who crack the most protected games are often hailed within the gaming community and are considered worthy of respect.

Apps outside of FinServ and gaming, such as implantable medical devices, Bluetooth-connected phone apps, retail, and more, have a 54% chance of being attacked.

Digital.ai has hundreds of app security customers worldwide who protect over 1 billion instances of applications. It offers application security solutions that build security into apps in multiple ways.
 

• Embedding security into the application development process
• Obfuscate code to prevent reverse-engineering
• Prevent tampering by detecting unsafe environments and code changes
• Configure customized or automated protections on-premises or in the cloud
• Providing visibility into at-risk apps
• Produce stand-alone reports or integrate with existing Security Operations Center tools
• Create searchable logs
• See which guards and protections are activated
• Automatically responding to threats
• Force step-up authentication
• Alter app features
• Shut down apps that are under attack
• Create custom tamper responses