Attacks Exploiting Digital Certs Soar by 700% in Five Years
The number of cyber-attacks exploiting “machine identities” has soared by more than 700% over the past five years, according to new data from Venafi.
The security vendor made the claims in its latest report, Machine Identities Drive Rapid Expansion of Enterprise Attack Surface.
It also revealed that this type of attack has surged by 433% from 2018 to 2019 alone, whilst the use of commodity malware that abuses machine identities doubled.
Machine identity refers to the use of digital certificates and cryptographic keys (ie SSL/TLS, SSH) to authenticate and secure computers and devices that connect with each other.
While IoT and digital transformation have led to an explosion in the use of such machines in the enterprise over recent years, security has failed to catch-up.
As many CISOs are unaware how many machines they have to manage, they’re unclear about the size of the attack surface, which could lead to unplanned outages as certificates expire. Attackers are increasingly also adding machine identity components to commodity malware so that attackers can hide in encrypted traffic, Venafi has warned in the past.
From 2015 to 2019, the number of vulnerabilities involving machine identities grew by 260%, while the number of reported advanced persistent threats (APTs) using these techniques grew by 400%, Venafi claimed.
“As our use of cloud, hybrid, open source and microservices use increases, there are many more machine identities on enterprise networks—and this rising number correlates with the accelerated number of threats,” said Yana Blachman, threat intelligence researcher at Venafi.
“As a result, every organization’s machine identity attack surface is getting much bigger. Although many threats or security incidents frequently involve a machine identity component, too often these details do not receive enough attention and aren’t highlighted in public reports.”