Equipped with AI tools, hackers make apps riskier than ever

An application is more likely to be attacked over a four-week period in 2024 than it was a year back, and the odds are rising by the day, according to a Digital.ai report.

Gathering data from its App Aware customers, a threat monitoring system used globally, the Digital.ai report emphasized pervasive risks to applications running outside the corporate firewall (“in the wild”) have been specifically rising.

“Enterprises are meeting consumer demand for mobile apps by giving them more and more options,” said Dan Shugrue, product marketing manager at Digital.ai. “The apps they are making for consumers can and do live outside of (corporate) firewall. And in most cases, those same apps have access to the same back office behind the firewall.”

Tool democratization, increased jailbreaking and the surging use of AI or ML were identified as the top reasons pushing the likelihood of attacks.

Applications more likely to be attacked in 2024

The likelihood of an attack on an application within a four-week period is expected to rise 8% year on year in 2024. In terms of mobile applications, both Android and iPhone attacks are expected to shoot up dramatically, with the likelihood of attacks on these platforms placed at 94% and 70%, respectively for 2024.

Android-based devices were found more likely to suffer attacks than iPhones, due to their open source operating system, the report added.

“As more and more apps are being offered to the public, there is a relative paucity of data on threats to those apps,” Shugrue said. “One of the goals of this report seeks to begin to remedy that situation.”

The report also highlighted that gaming and financial services applications face the highest risk of attacks at 76% and 67%, respectively.

“Gaming and Financial Services are sectors that have very large user bases as well as a direct link to a financial impact, so I’m not surprised they are the highest risk of attacks and is consistent with my research,” David Vance, senior analyst at ESG Global, said about the finding.

AI/ML advancements among top pushers

The evolution of various AI and ML tools has increased the productivity of malware developers, the report noted. “Surging use of AI/ML dramatically increases the productivity of both app developers and malware developers, resulting in more apps to attack and more attack vectors in use,” Digital.ai said in the report.

“The increased adoption of AI/ML technologies has a couple of major implications. First, for organizations adopting and using AI/ML themselves, that represents another attack surface that needs to be secured and protected against data loss, manipulation/tampering, and IP theft,” Vance said. “Second, attackers are increasingly using AI/ML to boost their productivity for malicious intent such as AI/ML powered bot attacks and writing malware code as the report points out.”

Tool democratization — refers to the general availability of technologies to reverse engineer applications or modify codes — and increased jailbreaking in the hacker’s community have been identified as other key drivers of the attacks.

While it can be difficult to reason why the attacks of such type have gone up, Shugrue added, it stands to reason that unethical hackers are becoming just as good at using AI to write malware and to analyze working apps as the ethical developers are at using AI to create apps in the first place. 

“As long as I can remember, ‘cracked’ apps have been available that bypassed copy protection or legitimate licensing,” Vance said. “In the 1980s illegal cracked apps were harmless and didn’t have any negative implications for the end user. However, cracked apps and jailbroken operating systems are now routinely infected with keyloggers or malicious code.”

Working to keep cracked or jailbroken systems away from corporate networks is a must, he added. According to the report, obfuscating code against reverse engineering, having detection mechanisms in place for unauthorized code changes, and configuring customized or automated protections on-premises or in the cloud can help protect against these attacks.