
The Growing Risk of Malware Attacks Using Machine Identities

August 3, 2020 | Emil Hanscom

According to threat analysis from Venafi, commodity malware campaigns utilizing machine identities are increasing at a rapid pace. For example, malware attacks using machine identities doubled from 2018 to 2019, including high-profile campaigns such as TrickBot, Skidmap, Kerberods and CryptoSink.
 

The Venafi Threat Intelligence Team analyzed security incidents and third-party reports in the public domain to gather data on the misuse of machine identities. Overall, malware attacks utilizing machine identities grew eightfold over the last 10 years and increased more rapidly in the second half of the decade. These findings are part of an ongoing threat research program focused on mapping the security risks that are connected with unprotected machine identities.
 

 


“Unfortunately, machine identities are increasingly being used in off-the-shelf malware,” said Yana Blachman, threat intelligence researcher at Venafi. “In the past, machine identity capabilities were reserved for high-profile and nation-state actors, but today we’re seeing a ‘trickle-down’ effect. Machine identity capabilities have become commoditized and are being added to off-the-shelf malware, making it more sophisticated and harder to detect. For example, massive botnet campaigns abuse machine identities to get an initial foothold into a network and then move laterally to infect further targets. In many recorded cases, bots download crypto-mining malware that hijacks a target’s resources and shuts down services. When successful, these seemingly simple and nonadvanced attacks can inflict serious damage on an organization and its reputation.”
 

The misuse of machine identities is further complicated by the explosion of microservices, DevOps projects, cloud workloads and IoT devices on enterprise networks. Today, there are already more than 31 billion IoT devices worldwide, and the number of connected mobile devices is expected to grow to 12.3 billion by 2022. Between 2018 and 2023, 500 million new logical apps will be created, which is equal to the number built over the past 40 years.
 

All of these applications and devices must have machine identities to authenticate themselves to each other so they can communicate securely. However, machines—whether they are an app in a Kubernetes cluster or a serverless function in the cloud—don’t rely on usernames or passwords to establish trust, privacy and security. Instead, they use cryptographic keys and digital certificates that serve as machine identities. Because most organizations do not have machine identity management programs in place, attacks exploiting machine identities are already causing serious economic damage.
 

“As we continue to move through digital transformation of nearly every essential service, it’s clear that human-centric security models are no longer effective,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “To protect our global economy, we need to provide machine identity management at machine speed and cloud scale. Every organization needs to ensure they have full visibility and comprehensive intelligence over every authorized machine they are using in order to defend themselves against the rising tide of attacks.”
 

About the author

Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.
