Machine identity malware attacks grow eightfold in a decade

The number of malware attacks utilising machine identities have grown eightfold in the last decade, according to new research.

Analysis of threat data gathered by Venafi, a machine identity management provider, showed a significant rise in the number of attacks using this method, with notable examples during 2018 to 2019, including high profile malware campaigns like TrickBot, Skidmap, Kerberods and CryptoSink.

Venafi's threat intelligence team gathered data on the misuse of machine identities by analysing security incidents and third-party reports in the public domain, finding that the trend accelerated more rapidly in the second half of the last decade.

The issue is made much more complicated by the explosion of micro-services, DevOps projects, cloud workloads and Internet of Things (IoT) devices on enterprise networks. All of these must have machine identities to authenticate themselves to each other so they can communicate securely.

However, machines - whether they are an app in a Kubernetes cluster or a serverless function in the cloud - rely on usernames or passwords to establish privacy and security, instead of more advanced cryptographic keys and digital certificates that serve as machine identities.

Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, said: “As we continue to move through digital transformation of nearly every essential service, it’s clear that human-centric security models are no longer effective.

“Every organisation needs to ensure they have full visibility and comprehensive intelligence over every authorised machine they are using in order to defend themselves against the rising tide of attacks.”

    Share Story:

Recent Stories