Digital.ai 2024 Application Security Threat Report Highlights Threats to Apps in the Wild
Nearly two-thirds of all monitored applications with active protection are under attack.
Note: TDWI's editors carefully choose vendor-issued press releases about new or interesting research and services. We have edited and/or condensed this release to highlight key study results or service features but make no claims as to the accuracy of the vendor's statements.
Digital.ai, a technology company helping Global 5000 enterprises automate software delivery through its AI-powered DevSecOps platform, today announced the results of its 2024 Application Security Threat Report, quantifying and emphasizing the pervasive risks to applications that run outside corporate firewalls ("in the wild"). The results show that the frequency of application attacks is rising as cyber criminals continue to prey on the increasing reliance on web, mobile and desktop apps.
The report examined data about threats identified from monitoring applications under active protection: the likelihood of an app being attacked rose 8% year over year, with gaming apps and financial services apps facing the highest risk of attack at 76% and 67% respectively. The top reasons for the increase in breached applications:
- Tool democratization, such as reverse-engineering tools in the hands of hackers
- Increased “jailbreaking” has taken root within the community of hackers
- The surging use of AI/ML increases the productivity of malware developers
“We're seeing that the appetite for cybercriminals continues to be insatiable,” said Wing To, general manager of intelligent DevOps and security at Digital.ai. “Threat actors are exploiting AI and low-code technologies to attack a growing number of apps—and benefiting from increased precision. Customer-centric enterprises are prioritizing protective measures for the applications their customers rely on daily.”
The report also noted a significantly sharper uptick in specialized attacks—attacks that violate an application’s integrity through, for example, a malicious change in application code. The likelihood of an app being run with modified code:
- iOS-based apps grew from 6% to 20% year over year
- Android-based apps grew from 28% to 63% year over year
Specific to mobile applications, both Android and iPhone attacks are surging; Android apps are more likely to be targeted with environmental attacks (94%) than iPhone apps (70%) due to their open source operating system.
The study found no link between the popularity of an app and frequency of attack.
Survey Methodology
Digital.ai has hundreds of application security customers worldwide who protect over 1 billion instances of applications. The data in this report is anonymized and aggregated global customer data collected over a four-week period from February 1 to February 28, 2024. “Risk” is measured from the enterprise creating the application’s perspective. In other words, if 100 enterprises create 100 apps and 58 of those apps experience an attack on one or more instances of that app, the report will state that 58% of apps were under attack.
For more information about Digital.ai, visit Digital.ai. To read the full 2024 report, click here (no registration required).