Machine identity attack surface exploding

Machine identity attack surface exploding

According to a study by Venafi, cyber-attacks related to machine identity grew by more than 400% between 2018 and 2019.

The machine identity attack surface is exploding. Machine identity management specialists Venafi have conducted a study of malware, vulnerabilities and attacks using machine identities over the last five years. The study uncovered a rapid increase in all types of machine identity-related security events in 2018 and 2019. For example, the number of reported machine identity-related cyber-attacks grew by over 400% during this two-year period.

“We have seen machine use skyrocket in organizations over the last five years, but many businesses still focus their security controls primarily on human identity management,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “Digital transformation initiatives are in jeopardy because attackers are able to exploit wide gaps in machine identity management strategies."

The use of machines that connect to the internet is expanding rapidly. Security cameras, sensors, printers and many other devices are increasing the number of machines that have access to corporate IT networks. This trend is being multiplied by the COVID-19 pandemic which is driving faster adoption of cloud, hybrid and micro-services architectures.

Protecting machine identities for these projects is often an afterthought. According to Kevin Bocek: "The only way to mitigate these risks is to build comprehensive machine identity management programs that are as comprehensive as customer, partner and employee identity and access management strategies.”

Key findings from the study include:

  • Between 2015 and 2019, the number of reported cyber-attacks that used machine identities grew by more than 700%, with this amount increasing by 433% between the years 2018 and 2019 alone.
  • From 2015 to 2019, the number of vulnerabilities involving machine identities grew by 260%, increasing by 125% between 2018 and 2019.
  • The use of commodity malware that abuses machine identities doubled between the years 2018 and 2019 and grew 300% over the five years leading up to 2019.
  • Between 2015 and 2019, the number of reported advanced persistent threats (APTs) that used machine identities grew by 400%. Reports of these attacks increased by 150% between 2018 and 2019.

“As our use of cloud, hybrid, open source and micro-services use increases, there are many more machine identities on enterprise networks—and this rising number correlates with the accelerated number of threats,” said Yana Blachman, threat intelligence researcher at Venafi. “As a result, every organization’s machine identity attack surface is getting much bigger."

Although many threats or security incidents frequently involve a machine identity component, this detail does not receive enough attention. The vulnerabilities of machines are rarely highlighted in public reports.

This lack of focus on machine identities in cyber security means that there is a lack of data and little focus on this crucial area of security. As a result, the trends we are seeing in Venafi's report are likely to continue.

Venafi is a market leader in machine identity management, securing machine-to-machine connections and communications, and providing global visibility of machine identities and the risks associated with them for the extended enterprise.

Main image courtesy of

Copyright Lyonsdown Limited 2021

Top Articles

300% increase in global cyber attacks

According to NTT's Global Threat Intelligence Report, there has been a 300% increase in cyber attacks globally Manufacturing, healthcare and finance industries all saw an increase in attacks globally (300%,…

US pipeline giant Colonial Pipeline suffers disruptive DarkSide ransomware attack

Colonial Pipeline suffered a DarkSide ransomware attack late last week that forced it to shut all pipeline operations.

NCSC's Active Cyber Defence programme helped sink 70k online scams in 2020

NCSC's Active Cyber Defence programme, which includes the Suspicious Email Reporting Service, helped in taking down over 70,000 online scams totalling 1.4 million URLs last year.

Related Articles