DigitalAI Application Security Threat Report 2024

The 2024 Application Security Threat Report highlights the increasing risks faced by apps outside firewalls, with attack likelihood rising to 65%. It emphasizes how growing app usage, AI integration, and evolving attack techniques pose serious threats across industries and device types.

Keypoints

  • The report follows a typical structure including an introduction with key findings, terminology definitions, analysis of risk levels by industry, device type, and app popularity, as well as detailed insights into app instances and threat mitigation strategies.
  • Overall app attack risk increased from 57% in 2023 to 65% in 2024, driven by democratization of hacking tools, rising use of AI by both developers and cybercriminals, and increased jailbreak and rooting activities.
  • High-risk sectors include gaming and financial services, with attack likelihood reaching 76% and 67%, respectively, both rising from the previous year. Broader industries also face significant threats from diverse vectors like medical devices and connected car apps.
  • Both Android and iOS platforms experienced surges in attack rates, with Android at 70% and iPhone at 94%. Jailbreaking and code modification attacks notably increased, especially on Android devices, raising the risk of integrity breaches.
  • The analysis revealed no correlation between an app’s popularity and attack frequency; less popular apps often face higher risks, emphasizing data sensitivity and value over user base size.
  • Reverse engineering, environment validation, and code integrity are the key guards for defending against threats at the app instance level, with significant odds (up to 96%) of an attack if protections are not properly implemented.
  • Faster development and AI tools have enabled threat actors to accelerate malware creation and attack deployment, posing urgent challenges for security teams who must integrate protections early in the development lifecycle.
  • Digital.ai offers comprehensive security solutions including obfuscation, tamper detection, visibility, and automated threat responses to help organizations defend apps in the wild.
  • The methodology relied on anonymized data from Digital.ai’s global customer base, collected over four weeks in early 2024, providing a robust snapshot of current threat landscapes.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)