Skip to main content
banner image
venafi logo

Attacks Using Machine Identities are Rising Dramatically: Is Your Organization Prepared?

Attacks Using Machine Identities are Rising Dramatically: Is Your Organization Prepared?

machine-identity-protection-against-cyber-attacks
October 21, 2020 | Emil Hanscom

Due to the COVID-19 pandemic, many organizations are rushing to implement digital transformation strategies sooner than anticipated. This rush can lead to more potential security risks, creating unintentional opportunities for cybercriminals who are nothing if not opportunistic. As we rely more on machines for critical business functions, a sizable attack surface is growing for machine identities.


Venafi recently released a study that examined a variety of malware, vulnerabilities and attacks using machine identities over the last five years. The study found that the machine identity attack surface is virtually exploding, with a rapid increase in all types of machine identity-related security events in 2018 and 2019. For example, the number of reported machine identity-related cyber attacks grew by over 400% during this two-year period.
 

“We have seen machine use skyrocket in organizations over the last five years, but many businesses still focus their security controls primarily on human identity management,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “Accelerated digital transformation initiatives are in jeopardy because attackers are able to exploit wide gaps in machine identity management strategies.”
 

Bocek continues: “The COVID-19 pandemic is driving faster adoption of cloud, hybrid and microservices architectures, but protecting machine identities for these projects are often an afterthought. The only way to mitigate these risks is to build comprehensive machine identities management programs that are as comprehensive as customer, partner and employee identity and access management strategies.”
 

Key findings from the study include:

  • Between 2015 and 2019, the number of reported cyberattacks that used machine identities grew by more than 700%, with this amount increasing by 433% between the years 2018 and 2019 alone.
  • From 2015 to 2019, the number of vulnerabilities involving machine identities grew by 260%, increasing by 125% between 2018 and 2019.
  • The use of commodity malware that abuses machine identities doubled between the years 2018 and 2019 and grew 300% over the five years leading up to 2019.
  • Between 2015 and 2019, the number of reported advanced persistent threats (APTs) that used machine identities grew by 400%. Reports of these attacks increased by 150% between 2018 and 2019.


“As our use of cloud, hybrid, open source and microservices use increases, there are many more machine identities on enterprise networks—and this rising number correlates with the accelerated number of threats,” said Yana Blachman, threat intelligence researcher at Venafi. “As a result, every organization’s machine identity attack surface is getting much bigger. Although many threats or security incidents frequently involve a machine identity component, too often these details do not receive enough attention and aren’t highlighted in public reports. This lack of focus on machine identities in cyber security reporting has led to a lack of data and focus on this crucial area of security. As a result, the trends we are seeing in this report are likely just the tip of the iceberg.”


How safe are your machine identities? Learn more about machine identity protection.
 

Related posts

Like this blog? We think you will love this.
danger-of-man-in-the-middle-attacks
Featured Blog

Why Are Man-in-the-Middle Attacks So Dangerous?

How MitM attacks work

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

CIO Study: Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

Machine Identity Protection for Dummies
eBook

Machine Identity Protection for Dummies

About the author

Emil Hanscom
Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat