
Machine identities increasingly exploited, new research finds

Malware attacks are increasingly exploiting machine identities, with this particular breed of threat becoming much more popular between 2018 and 2019.

This is according to threat analysis from Venafi, the provider of machine identity management. The company finds that malware attacks using machine identities doubled from 2018 to 2019, including high-profile campaigns such as TrickBot, Skidmap, Kerberods and CryptoSink.

The Venafi Threat Intelligence Team gathered data on the misuse of machine identities by analysing security incidents and third-party reports in the public domain.

Overall, malware attacks utilising machine identities grew eightfold over the last 10 years and increased more rapidly in the second half of the decade.

These findings are part of an ongoing threat research program focused on mapping the security risks connected with unprotected machine identities.

According to Venafi, this problem is made more complicated by the explosion of microservices, DevOps projects, cloud workloads and IoT devices on enterprise networks.

Today, there are already more than 31 billion IoT devices worldwide and the number of connected mobile devices is expected to grow to 12.3 billion by 2022.

Between 2018 and 2023, 500 million new logical apps will be created, which is equal to the number built over the past 40 years.

All of these applications and devices must have machine identities to authenticate themselves to each other so they can communicate securely, Venafi states.

However, machines, whether they are an app in a Kubernetes cluster or a serverless function in the cloud, don’t rely on usernames or passwords to establish trust, privacy and security.

Instead, they use cryptographic keys and digital certificates that serve as machine identities. Because most organisations do not have machine identity management programs in place, attacks exploiting machine identities are already causing serious economic damage, the company states.

Venafi threat intelligence researcher Yana Blachman says, “Unfortunately, machine identities are increasingly being used in off-the-shelf malware.

“In the past, machine identity capabilities were reserved for high-profile and nation-state actors, but today we’re seeing a ‘trickle-down’ effect. Machine identity capabilities have become commoditised and are being added to off-the-shelf malware, making it more sophisticated and harder to detect.

“For example, massive botnet campaigns abuse machine identities to get an initial foothold into a network and then move laterally to infect further targets.

“In many recorded cases, bots download crypto-mining malware that hijacks a target’s resources and shuts down services. When successful, these seemingly simple and non-advanced attacks can inflict serious damage on an organisation and its reputation.”

Venafi vice president of security strategy and threat intelligence Kevin Bocek says, “As we continue to move through digital transformation of nearly every essential service, it’s clear that human-centric security models are no longer effective.

“To protect our global economy, we need to provide machine identity management at machine speed and cloud scale. Every organisation needs to ensure they have full visibility and comprehensive intelligence over every authorised machine they are using in order to defend themselves against the rising tide of attacks.”
