
Malware attacks abusing machine identities grew eightfold over the last 10 years - report

Commodity malware campaigns utilising machine identities are increasing rapidly, warns machine identity management firm Venafi.

The company says malware attacks using machine identities doubled from 2018 to 2019, including high-profile campaigns such as TrickBot, Skidmap, Kerberods and CryptoSink.

The Venafi Threat Intelligence Team gathered data on the misuse of machine identities by analysing security incidents and third-party reports in the public domain. Overall, malware attacks utilising machine identities grew eightfold over the last 10 years and increased more rapidly in the second half of the decade. 

The findings are part of an ongoing threat research program focused on mapping the security risks connected with unprotected machine identities.

“Unfortunately, machine identities are increasingly being used in off-the-shelf malware,” says Yana Blachman, threat intelligence researcher at Venafi.

“In the past, machine identity capabilities were reserved for high-profile and nation-state actors, but today we’re seeing a ‘trickle-down’ effect.

“Machine identity capabilities have become commoditised and are being added to off-the-shelf malware, making it more sophisticated and harder to detect.

“For example, massive botnet campaigns abuse machine identities to get an initial foothold into a network and then move laterally to infect further targets. In many recorded cases, bots download crypto-mining malware that hijacks a target’s resources and shuts down services. When successful, these seemingly simple and nonadvanced attacks can inflict serious damage on an organisation and its reputation.”

This problem is made much more complicated by the explosion of microservices, DevOps projects, cloud workloads and IoT devices on enterprise networks, Venafi says.

Today, there are already more than 31 billion IoT devices worldwide and the number of connected mobile devices is expected to grow to 12.3 billion by 2022. Between 2018 and 2023, 500 million new logical apps will be created, which is equal to the number built over the past 40 years. 

All of these applications and devices must have machine identities to authenticate themselves to each other so they can communicate securely, Venafi explains. 

"However, machines—whether they are an app in a Kubernetes cluster or a serverless function in the cloud—don’t rely on usernames or passwords to establish trust, privacy and security," the company says.

"Instead, they use cryptographic keys and digital certificates that serve as machine identities. Because most organizations do not have machine identity management programs in place, attacks exploiting machine identities are already causing serious economic damage."
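The point in the quote above, that a machine's identity is a key pair plus a certificate rather than a password, is easiest to see in code. The following Go program is an added example, not code from the article or from Venafi: it builds a small, entirely constructed PKI in memory (an organisation CA, a workload certificate, an expired certificate and a certificate with the same name issued by a CA nobody authorised) and shows how a verifying service classifies each one. All names ("Example Corp Machine CA", "payments.internal", "legacy-batch.internal", "Some Other CA") and the `Assess`/`Scenario` helpers are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Verdict is how a verifying service classifies a presented machine identity.
type Verdict string

const (
	Trusted         Verdict = "trusted"          // chains to our CA, within validity period
	Expired         Verdict = "expired"          // issued by our CA but past NotAfter
	UntrustedIssuer Verdict = "untrusted-issuer" // chains to a CA nobody authorised
	Invalid         Verdict = "invalid"          // any other verification failure
)

// issueCert builds an X.509 certificate for cn. With parent == nil it is
// self-signed (a root CA); otherwise it is signed by parentKey. Failures here
// are library faults (key generation, encoding), so the example panics on them.
func issueCert(cn string, isCA bool, notBefore, notAfter time.Time,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		// Leaf identities may authenticate as TLS clients and servers.
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}
	}
	signer, signKey := tmpl, key
	if parent != nil {
		signer, signKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Assess verifies cert, at time now, against the roots the organisation
// actually authorised, for use as a TLS client identity. The name in the
// certificate counts for nothing unless the chain and validity checks pass.
func Assess(cert *x509.Certificate, roots *x509.CertPool, now time.Time) Verdict {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err == nil {
		return Trusted
	}
	var inv x509.CertificateInvalidError
	if errors.As(err, &inv) && inv.Reason == x509.Expired {
		return Expired
	}
	var unknown x509.UnknownAuthorityError
	if errors.As(err, &unknown) {
		return UntrustedIssuer
	}
	return Invalid
}

// Scenario builds a constructed in-memory PKI and returns the verdict for
// three identities a service might be presented with.
func Scenario() map[string]Verdict {
	now := time.Now()
	day := 24 * time.Hour
	// The organisation's own machine CA (constructed for this example).
	ca, caKey := issueCert("Example Corp Machine CA", true, now.Add(-day), now.Add(3650*day), nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	// A workload identity issued by the authorised CA.
	good, _ := issueCert("payments.internal", false, now.Add(-day), now.Add(90*day), ca, caKey)
	// A forgotten identity that has outlived its validity period.
	stale, _ := issueCert("legacy-batch.internal", false, now.Add(-400*day), now.Add(-day), ca, caKey)
	// The same name, but vouched for by a CA nobody in the organisation authorised.
	otherCA, otherKey := issueCert("Some Other CA", true, now.Add(-day), now.Add(365*day), nil, nil)
	imposter, _ := issueCert("payments.internal", false, now.Add(-day), now.Add(90*day), otherCA, otherKey)
	return map[string]Verdict{
		"payments.internal (our CA)":      Assess(good, roots, now),
		"legacy-batch.internal (expired)": Assess(stale, roots, now),
		"payments.internal (foreign CA)":  Assess(imposter, roots, now),
	}
}

func main() {
	for name, v := range Scenario() {
		fmt.Printf("%-34s %s\n", name, v)
	}
}
```

The example only works because `roots` holds exactly the CAs the organisation authorised; that inventory is the "visibility" the article's closing quote asks for, and a service that accepted any syntactically valid certificate, or trusted a root nobody tracks, would accept the foreign-CA identity just as readily as the genuine one.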

Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, explains, “As we continue to move through digital transformation of nearly every essential service, it’s clear that human-centric security models are no longer effective.

“To protect our global economy, we need to provide machine identity management at machine speed and cloud scale,” he says.

“Every organisation needs to ensure they have full visibility and comprehensive intelligence over every authorised machine they are using in order to defend themselves against the rising tide of attacks.”
