Machine identities have officially become the new frontier of cyber-attacks. Why? Hackers have realized that quietly sneaking in through a “backdoor” (i.e., an expired certificate or an ex-employee’s active credentials) has a much higher success rate than a direct attack on a corporate network. In fact, Verizon’s 2021 Data Breach Investigations Report (DBIR) revealed that 61% of all security breaches involve credentials. And a new report from Zscaler shows a 260% increase in encrypted attacks.
This shift is clear in recent cyber-attacks, including the TeamTNT malware Hildegard and the new Linux rootkit dubbed Facefish. What is actually causing these increased instances of cyber-attacks against machine identities, and what can you do to stay alert and secure as the encryption attack surface continues growing more volatile?
The recent surge of attacks that target machine identities can be attributed to several aspects across the ever-changing security landscape. The most obvious of these is the rise of remote work thanks to the coronavirus pandemic. When non-essential workers had to remain home, many secure corporate networks were being accessed by insecure devices on unprotected networks from too many locations to track. Monitoring and securing machines is much easier when they’re all under the same roof. Even with the pandemic slowly coming to an end, there is every indication that this trend will continue, with more employees demanding the flexibility and comfort that working from home provides. Be sure to review our data encryption strategies for remote employees to ward off as much of the threat as possible!
Another major shift is the increased adoption of cloud computing, which is expected to grow 20% by the end of 2021. Many IT teams are struggling to keep up with the level and configuration of security needed for cloud, which is leaving organizations open to attack. Plus, most organizations that have adopted cloud rarely have only one provider. There are best practices for multi-cloud environments you can start utilizing today, but the risk is always there.
Finally, increased utilization of third-party providers is another common source of security holes. When a vast number of different providers all require different levels of network access, it’s too easy for user access to be misconfigured. That’s why frequent users of third parties statistically experience more cyber-attacks.
Full machine identity visibility and automation is the solution
With the disintegration of the network perimeter, many organizations have shifted to a zero trust security model where identity has become the perimeter—validating and authorizing each distinct connection. As a result, identity security has become a far more complex problem, and the only path forward is a machine identity management program that provides comprehensive visibility, intelligence and automation. Human error has caused too many data breaches to safely rely on manual management.
In that sense, machine identity management and protection go hand in hand. Knowing where your machine identities are located and who’s using them is paramount. An in-depth understanding of the encryption attack surface will be critical in defending your organization with the automation and visibility that machine identity management with Venafi provides.
Once you’ve taken time to understand today’s threat landscape, the next step is taking active steps to protect yourself against those threats!