In the last few years, attackers are increasingly shifting their focus from infrastructure to applications, exploiting vulnerabilities that traditional security measures cannot protect. This blog explores the reasons why attackers have shifted their attention to applications.

Industry Leaders Agree: Cloud Application Attacks Are on the Rise

According to the "2024 Data Breach Investigations Report" by Verizon, vulnerability exploitation has seen significant growth, particularly targeting cloud-native applications. The report notes, “Vulnerability exploitation almost tripled from last year, with attackers increasingly targeting application-layer vulnerabilities.” This trend underscores the urgent need for application-specific security measures.

The "2024 State of Application Security Report" by CrowdStrike, further highlights this shift, noting that eight out of the top ten data breaches of 2023 were related to application attack surfaces, exposing around 1.7 billion records. This indicates a clear trend where applications are becoming the primary target for attackers.

Gartner echoes this sentiment, stating, “Attackers have shifted their attention to applications, making it evident that security leaders need to focus on application protection.” As applications become more interconnected and complex, they present a broader attack surface that traditional infrastructure-focused security tools cannot adequately protect.

“Attackers have shifted their attention to applications, making it evident that security leaders need to focus on application protection.” Gartner, 20 November 2023

Why Have Attackers Shifted Their Attention to Applications?

1. Most Vulnerabilities Hide Within the Application Level, Not Infrastructure

The fact that there are more vulnerabilities in the application level than the infrastructure level, means that it is easier to exploit applications than infrastructure.

2. Application Vulnerabilities come in all shapes and sizes

Vulnerabilities with a CVE ID, CVE-less (e.g. vulnerabilities without a CVE-ID), library misconfigurations, malicious packages, and even AI-hallucinations and zero-days.

3. Applications Offer a Diverse Attack Surface

Applications often have multiple entry points, such as APIs, web interfaces, and mobile apps, increasing the potential attack surface. Furthermore, user inputs, file uploads, and other dynamic interactions can be exploited if not properly sanitized.

4. The Application Level is More Dynamic

Applications undergo frequent code changes, which makes dealing with vulnerabilities more complex. The dynamic nature of application development, with continuous integration and continuous deployment (CI/CD) pipelines, means that new vulnerabilities can be introduced regularly.

5. 70% of Application Code Comes from OSS

Open Source Software (OSS) comprises about 70% of application code, and it is known to be more prone to vulnerabilities. The "CrowdStrike 2024 State of Application Security Report" emphasizes that while OSS provides great benefits in terms of cost and innovation, it also introduces significant security risks. The widespread use of OSS components means that a vulnerability in one component can have far-reaching consequences.

6. Application Vulnerabilities Are Harder to Fix

Fixing application vulnerabilities often requires code changes, which are much more challenging than addressing infrastructure vulnerabilities. The remediation of application-level vulnerabilities involves coordination across development teams, thorough testing, and careful deployment to avoid disrupting service.

7. Cloud Infrastructure Security Has Become a Commodity

As infrastructure defenses have improved and grown in popularity, attackers have adapted and are now exploiting the vulnerabilities of applications.

The time for Runtime Application Detection and Response (ADR)

In the face of increasing threats to cloud-native applications, relying solely on cloud infrastructure security (CNAPP) and traditional WAFs is insufficient. Runtime ADR is a critical layer of security that provides the necessary visibility, contextual awareness, and integration with development processes to protect applications effectively. By adopting Runtime ADR, organizations can enhance their security posture, reduce false positives, and respond more effectively to sophisticated attacks. Book a demo today to discover Raven’s Runtime ADR.

‍