Mobile apps have become an ubiquitous presence in our lives. We use them to check our investment portfolios, order meals, and even find dating partners. But as we increasingly rely on these apps to manage our personal and professional lives, businesses struggle to prevent cyber attacks originating from within the app, and from the billions of app-connected devices. This is where cybersecurity technologies can protect and defend against mobile threats. In this post, we’ll take a look at three related cybersecurity solutions that can help app security professionals protect their organizations from cyber attacks; 1) App shielding, 2) Runtime Application Self-Protection (RASP), and 3) Extended Threat Defense.
App shielding is a process that involves injecting security measures into a mobile app to make it difficult for attackers to access and understand the app’s code. This can include measures such as encryption, code obfuscation, and tamper detection. Mobile app shielding is typically used to protect against static attacks, where the attacker has access to the app’s code and is attempting to reverse engineer it or exploit vulnerabilities. Verimatrix App Shield is a cybersecurity solution that protects mobile apps.
RASP, on the other hand, is a security technology that is built into the app itself. It works by monitoring the app’s runtime environment to prevent attacks in real-time. RASP is typically used to protect against dynamic attacks, where the attacker is attempting to exploit vulnerabilities or manipulate the app’s behavior at runtime. Verimatrix’s app cybersecurity provides advanced solutions like Code Shield that offer RASP-quality protection.
Extended Threat Defense (XTD), a new cybersecurity solution from Verimatrix, helps CISOs, SOC teams, application engineers and mobile app developers predict, prevent, detect and respond to cyberattacks from a new type of mobile risk; attacks from unmanaged devices that are powered by an app. Any business that has an app is at risk.
A common misperception that security professionals might have about security solutions like RASP is that it’s only effective against known threats and attacks. However, this is not the case. RASP is able to prevent both known and unknown threats in real-time, by monitoring the app’s runtime environment and looking for any suspicious or malicious activity. This means that even if a new type of attack is discovered, RASP can still prevent it, making it a powerful tool in the fight against cyber attacks.
Additionally, RASP is often augmented to provide valuable insights and telemetry data that can be used to improve the overall security of the app ecosystem.
Both mobile app shielding and RASP can be effective at protecting against a wide range of cyber attacks. Some examples of actual attacks that could have been prevented if RASP or app shielding solutions were in place include:
- WhatsApp: Malware infections, specifically, can cause immense damage to both individuals and organizations. In 2019, a group of hackers used a malicious app disguised as a legitimate utility app, WhatsApp, to infect the phones of at least 25 million users with malware.^ The malware was designed to steal sensitive information from the user’s device, such as login credentials, credit card information and more. Mobile app shielding and RASP could have prevented the malware from running on the device, thereby avoiding the data breaches and potential financial losses.
- US/European Banks: IBM Trusteer reported that a dangerous hacking group used a mobile emulator to spoof banking customers’ mobile devices to pilfer millions of dollars from banks in Europe and the United States. It was postulated that the attackers used mobile emulators to spoof tens of thousands of compromised devices. They siphoned away PII data to enable mobile emulators to spoof the legitimate devices. The attackers then entered bank account credentials into the apps to create fake withdrawal methods.^^
App shielding and RASP protect against cyber attacks by adding security measures to the app itself, such as encryption, code obfuscation, telemetry and tamper detection, or by monitoring the app’s runtime environment to prevent attacks in real-time. These technologies can significantly reduce the risk of cyber attacks and protect sensitive data.
But why is it so important to have these protections in place? The fastest-growing enterprise security threat today is from mobile apps and the billions of devices that connect to them. The number of mobile devices in use as of 2023 is around 7 billion. All these devices connected to the internet downloaded and use multiple apps. And this number is increasing all the time. This means that the risk can impact of cyber attacks will also increase. In fact, McKinsey estimates that the damage from cyberattacks will amount to about $10.5 trillion annually by 2025.* Both mobile app shielding and RASP can be essential components for providing cybersecurity for mobile apps.
There are several cybersecurity vendors in the market who provide mobile app security such as RASP and app shielding, or who offer mobile threat defense for managed employee devices, but few vendors protect mobile apps plus defend the enterprise against the myriad of unmanaged devices powered by those apps. Examples of unmanaged connected devices include consumer smartphones, overnight delivery tablets, payment POSs, smart home appliances, keyless car technologies, and more.
Verimatrix XTD empowers customers to mitigate cybersecurity risks, safeguard consumer data, and protect their valuable reputations. Verimatrix XTD incorporates the latest mobile runtime application self-protection and app shielding technology to help app development and SOC security teams deploy comprehensive mobile security solutions; but it goes so much further – by adding advanced intelligence not seen before when protecting unmanaged devices running consumer mobile apps.
In closing, mobile apps have become an integral part of our lives, and we trust them with our personal and professional data. But as our reliance on these apps continues to grow, and as more and more businesses become app companies (whether they realize it or not), so does the potential for cyberattacks. For mobile-dependent companies, the cyber risk from mobile is real.
RASP and app shielding offer security measures focused on preventing static and dynamic attacks at the app-level – and they should be used in conjunction with other cybersecurity solutions such as mobile threat defense that monitors threats at the unmanaged device-level. Only a comprehensive security umbrella will protect against a wide range of cyber threats.
^ Source: https://www.forbes.com/sites/thomasbrewster/2019/07/10/25-million-android-phones-infected-with-malware-that-hides-in-whatsapp/?sh=6ad077494470
^^ Source: https://www.bankinfosecurity.com/attackers-use-mobile-emulators-to-steal-millions-a-15623
* Source: https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/cybersecurity/new-survey-reveals-2-trillion-dollar-market-opportunity-for-cybersecurity-technology-and-service-providers
See how we can help protect your business:
- Mobile applications and APIs
- Video content
- Digital payments