Malware attacks abusing machine identities grew eightfold over the last 10 years
SALT LAKE CITY–(BUSINESS WIRE)–#Cybersecurity–According to threat analysis from Venafi®, the inventor and leading provider of machine identity management, commodity malware campaigns utilizing machine identities are increasing rapidly. For example, malware attacks using machine identities doubled from 2018 to 2019, including high-profile campaigns such as: TrickBot, Skidmap, Kerberods and CryptoSink.
The Venafi Threat Intelligence Team gathered data on the misuse of machine identities by analyzing security incidents and third-party reports in the public domain. Overall, malware attacks utilizing machine identities grew eightfold over the last 10 years and increased more rapidly in the second half of the decade. These findings are part of an ongoing threat research program focused on mapping the security risks connected with unprotected machine identities.
“Unfortunately, machine identities are increasingly being used in off-the-shelf malware,” said Yana Blachman, threat intelligence researcher at Venafi. “In the past, machine identity capabilities were reserved for high-profile and nation-state actors, but today we’re seeing a ‘trickle-down’ effect. Machine identity capabilities have become commoditized and are being added to off-the-shelf malware, making it more sophisticated and harder to detect. For example, massive botnet campaigns abuse machine identities to get an initial foothold into a network and then move laterally to infect further targets. In many recorded cases, bots download crypto-mining malware that hijacks a target’s resources and shuts down services. When successful, these seemingly simple and nonadvanced attacks can inflict serious damage on an organization and its reputation.”
This problem is made much more complicated by the explosion of microservices, DevOps projects, cloud workloads and IoT devices on enterprise networks. Today, there are already more than 31 billion IoT devices worldwide and the number of connected mobile devices is expected to grow to 12.3 billion by 2022. Between 2018 and 2023, 500 million new logical apps will be created, which is equal to the number built over the past 40 years. All of these applications and devices must have machine identities to authenticate themselves to each other so they can communicate securely. However, machines—whether they are an app in a Kubernetes cluster or a serverless function in the cloud—don’t rely on usernames or passwords to establish trust, privacy and security. Instead, they use cryptographic keys and digital certificates that serve as machine identities. Because most organizations do not have machine identity management programs in place, attacks exploiting machine identities are already causing serious economic damage.
“As we continue to move through digital transformation of nearly every essential service, it’s clear that human-centric security models are no longer effective,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “To protect our global economy, we need to provide machine identity management at machine speed and cloud scale. Every organization needs to ensure they have full visibility and comprehensive intelligence over every authorized machine they are using in order to defend themselves against the rising tide of attacks.”
Venafi is the cybersecurity market leader in the machine identity protection market, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, IoT, code signing, mobile and SSH. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise—on premises, mobile, virtual, cloud and IoT—at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.
With over 30 patents, Venafi delivers innovative solutions for the world’s most demanding, security-conscious Global 5000 organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the top four accounting and consulting firms; four of the top five U.S. retailers; and four of the top five banks in the U.S., the U.K., Australia and South Africa. Venafi is backed by top-tier investors, including TCV, Foundation Capital, Intel Capital, QuestMark Partners, Mercato Partners and NextEquity.
For more information, visit: www.venafi.com.