Mobile Security Firms Step Up Protection as App Attacks Accelerate

Better cybersecurity may soon come to a mobile app you use in time to defend against a rising wave of data breaches, malware assaults, and AI-powered bot attacks.

On January 23 Mobile app security firm Appdome released technology upgrades to its mobile app security tools. The new digital defensive product will help shield against over 100 attack vectors plaguing the digital realm.

More than just another security solution, MobileBot Defense offers a comprehensive safeguard designed to tackle the increasingly sophisticated threats in the mobile channel. Key features include a robust defense against fake, weaponized, and malware-controlled apps.

Moreover, the product offers a powerful barrier against bot attacks and credential stuffing, which have become prevalent methods for cybercriminals to bypass standard security measures. These attacks can lead to massive data breaches, causing businesses significant financial and reputational damage.

It can also thwart DDoS attacks that can cripple an entity’s online services and prevent account takeovers that can lead to unauthorized access to user accounts. Both have severe implications for the business and its customers.

The new capabilities via extensions to MobileBot Defense make it fully portable to any web application firewall (WAF). These extensions can save mobile brands millions of dollars, extend the useful life of existing WAF infrastructures, and drive down the cost of extending bot defense to the mobile channel, according to Appdome.

Mobile apps typically face a much larger attack surface than web apps, and the threats are much more varied and complex. They also suffer the risk of being hit with an increasing number of malicious bot attacks on mobile apps, a significant and concerning trend in the cybersecurity landscape, according to Alan Bavosa, vice president of security products at Appdome.

These include device/OS threats such as rooting/jailbreaking, rootkits/root hiding/jailbreak and root detection bypass, emulators/simulators/virtualization tools, and kernel-based attacks. Add to this list application threats such as auto-clickers, code injection, overlay attacks, and fake apps/clones, as well as network-based threats, such as MitM attacks, SSL pinning bypass, malicious proxies, session replay attacks, and more.

In today’s uncertain economic climate, retailers increasingly emphasize mobile apps to fuel business growth and maximize return on investment. To achieve success, however, retailers must do more than just develop a native mobile app for their key audiences, according to Lawrence Snapp, CEO of AI-powered app developer Bryj.

Mobile security platform developer Zimperium stated in its Global Mobile Threat Report 2023 that there was a 51% increase in the total number of unique mobile malware samples. This surge is primarily due to mobile devices being the main endpoint for personal and professional use, making them prime targets for attackers.

Transitioning to mobile ID technology could provide an added alternative to traditional mobile app security. One of the reasons why the transition toward mobile IDs is occurring at such a pace is that they are far harder to fake when compared to physical IDs, which can be duped, stolen, counterfeited, or manipulated in a variety of sophisticated and rudimentary ways, suggested Andrey Stanovnov, co-founder and CTO at IDScan.

Unlike other anti-bot products, users can employ Appdome’s Defense platform with any cloud, hosted, or on-premises web application firewall. Further, it does not require a software development kit (SDK), mobile app code changes, or servers and offers full support for all mobile languages and frameworks.

Appdome also released real-time visibility of bot attacks in its ThreatScope Mobile XDR.

The new bot detection and analytics service allows mobile brands to measure, track, investigate, report, and respond to threats and attacks across the WAF infrastructure. It provides SOC-class visibility into mobile bot attacks and threats with a full drill-down on attacks against specific apps, devices, OSs, releases, and more, all without a separate analytics package, SDK, or device agent.

Appdome brings a measure of uniqueness to its security platform. MobileBot Defense includes a new rate-limiting feature in the app that stops mobile DDoS attacks at the source. Mobile brands can define Appdome Rate Limiting by setting thresholds for the number of attempts allowed to an endpoint within specific time intervals.

On the security side, the tools, products, and services legacy security companies offer, such as SDKs, are manual and require the work of coding and constant code updates/changes. That places extreme demand on the most resource-challenged organizations — mobile dev/engineering.