
Navigating the Wild: Application Threat Industry Report

Almost no existing security tools monitor or report on threats to client-side applications. This unaddressed gap raises significant security concerns.
Nov 16th, 2023 9:30am by
Image from Mny-Jhee on Shutterstock.

Applications have transcended the confines of controlled environments and have ventured “into the wild” beyond the creators’ grasp. While applications within firewalls have been a staple for decades, the proliferation of smartphones ushered in an era where countless apps, driven by platforms like those introduced by Apple and Google, now exist outside these controlled networks. This shift is pivotal in understanding the threats to applications, as these apps are the ones vulnerable to falling into the hands of threat actors, a reality underscored by the staggering 100 billion mobile apps downloaded in 2021 alone.

Equally important, almost no existing security tools — neither security information and event management (SIEM) technology nor web application firewalls (WAFs) — monitor or report on threats to client-side applications, be it web, mobile or desktop. This unaddressed gap raises significant security concerns and emphasizes the dearth of monitoring and research on these apps.

The recently released 2023 Application Threat Report by delves deep into the realm of application security and reveals the pervasive risks to apps beyond the safety of firewalls.

Industries under Siege

The threat report found that gaming and financial services apps are the most likely targets, facing attack probabilities of 63% and 62%, respectively. Financial apps, being a repository of financial data, become prime targets for malicious actors. Meanwhile, gaming apps attract attacks due to financial incentives, gray-market activities and the allure of “street cred” in online communities.

Industries beyond finance and gaming also grapple with a 54% likelihood of attack. Implantable medical devices, Bluetooth-connected apps for cars and specialized tools used by sectors like oil prospectors and retailers all face similar threats.

iOS vs. Android

The war between iOS and Android isn’t just about user preferences; it’s a battlefield for code security. While the popular belief is that iOS offers better security due to Apple’s closed environment, the reality is more complicated. Both iOS and Android are open platforms, but the key distinction lies in production control: Apple oversees the production of all iPhones, maintaining a level of exclusivity, whereas Google licenses the Android OS to various device makers, making it more open and accessible to threat actors. As a result, Android apps face a higher likelihood of being targeted (76% versus 55% for iOS). Additionally, Android apps are more prone to running in unsafe environments such as rooted phones, posing significant risks.

Popular Doesn’t Mean Safe

Contrary to expectations, the report found no correlation between an app’s popularity and its likelihood of being attacked, emphasizing that even widely used applications are vulnerable to cyber threats. In fact, the study demonstrates that many well-known apps face attacks just as frequently as their lesser-known counterparts. This finding underscores the importance of embedding security into applications and is a stark reminder that appearances can be deceiving within the digital landscape.

Preventing Attacks

To safeguard applications, embedding advanced code security throughout the development process is essential. Techniques such as code obfuscation, detection of unsafe environments and customized or automated protections are crucial to defend against reverse engineering from threat actors. Further report analysis comparing guards implemented versus guards triggered among apps revealed significant insights. For both Android and iOS platforms, guards that are frequently implemented often report high triggers, indicating their effectiveness. Surprisingly, guards that are implemented less frequently still report triggers that are just as high, which suggests the potential value of implementing additional guards. This observation shows the dynamic nature of application security — organizations must continually adapt and enhance their protections to keep pace with evolving threats and not approach security with a “set it and forget it” mindset.

Looking Ahead

The report’s data serves as a benchmark, aiding stakeholders in understanding the evolving threat landscape. The confluence of factors such as advanced reverse-engineering tools, cryptocurrencies facilitating criminal activities and the nationalization of attacks contributes to the elevated risk level in 2023. This all boils down to one truth: Organizations need to remain vigilant and proactive to counter these threats effectively.

In a world where apps roam freely, code security cannot be an afterthought. Building robust security measures, understanding the risks associated with different industries and platforms and staying ahead of evolving threats are imperative for any organization relying on digital applications. The 2023 Application Threat Report acts as a beacon, illuminating the path to enhanced application security in the wild digital frontier.

You can access the complete 2023 Application Threat Report here.
