2021 Predictions: Digital Transformation Fuels Machine Identity Crisis

January 1, 2021 | Emil Hanscom

2020 has been an especially challenging year for cybersecurity professionals because the pandemic has forced many organizations to dramatically accelerate digital transformation plans—to move even greater portions of their business online. However, in the interest of speed, digital transformation efforts often ignore machine identity management. Undervaluing the importance of machine identities can prove to be a serious mistake because they are required for secure connection and communication between devices, cloud workloads, AI algorithms, containers and APIs.

This problem is so serious that the attack surface connected with machine identities expanded by more than 400% over the last two years. Pandemic-driven digital acceleration efforts will further add to these critical machine identity management issues.

We asked three cybersecurity experts at Venafi for their cybersecurity predictions for the next year. They have identified a set of key machine identity management security trends that are likely to increase in 2021.


Lack of automation will fuel a machine identity crisis and increase the attack surface

Kevin Bocek, vice president of security strategy and threat intelligence, notes:

“We are hurtling towards a machine identity crisis. Modern organizations are increasingly structured around speed and focused on digital acceleration and automation. However, the automation used to support digital acceleration is not being applied to the management of machine identities, even though organizations are using twice as many as they used just 24 months ago. This leaves organizations vulnerable to sophisticated cyberattacks that target machine identities. For example, we are seeing some botnet campaigns that have their own development teams in order to accelerate the rate of innovation. We should expect this level of sophistication to increase exponentially over the next year.

“In 2021, cybercriminals will take control of machines that use weak or poorly managed machine identities in order to monetize them. This is a natural evolution of ransomware, which typically takes one machine hostage at a time. In 2021, cybercriminals will begin to take over more virtual machines, containers and eventually, entire clouds—and put them to work. Cybercriminals will do this by stealing or creating fraudulent machine identities using SSH keys, which make them appear trusted, and then monetize them using techniques such as cryptomining.”


SSH marketplaces on the dark web and attacks against open-source repositories

Yana Blachman, principal threat intelligence analyst, warns:

“We could see SSH marketplaces on the dark web in 2021. We have already seen RDP marketplaces offering access to compromised machines, so marketplaces, where SSH keys are sold to allow backdoor access into specific networks, are a logical next step. This is the natural evolution of the broader ‘professionalization of cybercrime’ trend and an expansion of Crime-as-a-Service (CaaS) and Access-as-a-Service (AaaS). In 2020, we saw CaaS grow rapidly where cybercriminals turn prolific malware, like Trickbot and Emotet, into commodity modular malware and rent parts of it to the competitors without conflicts of interest. These new SSH marketplaces will enable crime gangs and run-of-the-mill cybercriminals to use tools previously limited to large cybercrime organizations and nation-state groups.

“There will also be a sharp rise in attacks against open-source software tools and libraries. By targeting the supply chain of open source repositories, cybercriminals potentially can hit many more targets and maximize their results with less work. We have already begun to see this happen where attackers target open-source supply chains in various ways. From the repeating typosquatting attacks against popular package managers such as PyPI and RubyGems to new sophisticated supply chain attacks, like Octopus Scanner that targets open-source software projects on GitHub to serve back-doored code through the NetBeans IDE without the knowledge of the project owners.”


A dramatic increase in attacks on APIs and new RDP brute-force attacks

Pratik Savla, senior security engineer, predicts:

“Attacks on APIs will grow exponentially in 2021. In the past few years, there has been a substantial increase in both the number of APIs and the number of companies using them in external, customer-facing applications. Because APIs connect different systems, a compromise could expose huge amounts of sensitive data. And because APIs use machine identities for authentication, threat actors can steal or otherwise misuse those identities, leading to serious risk.

“For example, the APIs used for open banking initiatives in Europe allow for huge amounts of personal and financial data to flow freely between organizations. We have already seen some serious API vulnerabilities, including one that allowed privilege escalations of authenticated low permission-level users, and it’s clear that this trend will continue. To combat this, organizations need to thoroughly audit and pen test APIs to ensure they have a DevSecOps mindset. This should be common sense but doesn’t seem to be implemented in many cases.

“Due to the large-scale prevalence of remote working, companies are now increasingly leveraging RDP—an application-level protocol that verifies machine identities when providing access to Windows workstations or servers. That has in turn led to RDP brute-force attacks increasing exponentially in 2020, and the volume and intensity of such attacks will only continue to increase further in 2021. These attacks involve threat actors using different tools at their disposal to cycle through multiple user authentication credentials, in an attempt to find the target machine’s correct RDP login credentials.

“Practicing defense-in-depth and applying the least privilege principle can help in reducing the risk of such attacks.”


Are you prepared to effectively manage machine identities in 2021?

About the author

Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.
