Machine identities next big target for cyberattacks

Venafi has published the findings of its latest research report: The Impact of Machine Identities on the State of Cloud Native Security in 2024. Surveying 800 security and IT decision-makers from large organizations across the U.S., U.K., France and Germany, this second annual report examines the top machine identity security trends and challenges impacting the state of cloud native security today.

This year’s findings reveal attackers are compromising cloud native environments with alarming regularity. 86% of organizations had a security incident related to their cloud native environment within the last year. As a result, 53% of organizations had to delay an application launch or slow down production time; 45% suffered outages or disruption to their application service; and 30% said attackers could gain unauthorized access to data, networks and systems.

Other key findings include:

Service accounts are the next threat frontier: 88% of security leaders believe machine identities – specifically access tokens and their connected service accounts – are the next big target for attackers. Over half (56%) have experienced a security incident related to machine identities using service accounts in the last year.

Supply chain attacks tipped to get an AI makeover: 77% of security leaders think AI poisoning will be the new software supply chain attack. A further 84% believe supply chain attacks remain a clear and present danger. However, a worrying 61% say senior management has taken its focus off supply chain security in the last year.

Security and developer teams continue to clash: 68% of security leaders believe security professionals and developers will always be at odds, with 54% feeling they are fighting a losing battle trying to get developers to have a security-first mindset.

“The sleeping dragon is now awake: attackers are now actively exploring cloud native infrastructure,” said Kevin Bocek, Chief Innovation Officer at Venafi, a CyberArk Company. “A massive wave of cyberattacks has now hit cloud native infrastructure, impacting most modern application environments. To make matters worse, cybercriminals are deploying AI in various ways to gain unauthorized access and exploiting machine identities using service accounts on a growing scale. The volume, variety and velocity of machine identities are becoming an attacker’s dream.”

AI threats loom large on the horizon

Respondents also reported that cloud native security risks coming under increasing pressure as attackers target these environments to compromise AI models and applications:

77% are concerned about AI poisoning, whereby AI data inputs/outputs are manipulated for malicious purposes.

75% are worried about model theft.

73% are concerned about the use of AI-led social engineering.

A further 72% are worried about provenance in the AI supply chain.

“There is huge potential for AI to transform our world positively, but it needs to be protected,” Bocek continues. “Whether it’s an attacker sneaking in and corrupting or even stealing a model, a cybercriminal impersonating an AI to gain unauthorized access, or some new form of attack we have not even thought of, security teams need to be on the front foot. This is why a kill switch for AI – based on the unique identity of individual models being trained, deployed and run – is more critical than ever.”

Machine identity security complexity is growing

The research also provided insights into which areas in cloud native infrastructure organizations have experienced security incidents. Machine identities like access tokens used with service accounts topped the list with 56%, but almost as many (53%) experienced incidents related to other machine identities, such as certificates.

Part of the reason these incidents occur with such regularity is the growing complexity of cloud native environments. This creates new challenges for security teams around managing and securing the machine identities that underpin access and authentication in cloud native environments:

74% of security leaders agree that humans are the weakest link in machine identity security. 83% of teams recognize that failing to secure machine identities at the workload level renders all other security obsolete.

69% say that delivering secure access between their cloud native and data center environments is a “nightmare to manage,” while 89% are experiencing challenges around managing and securing secrets at scale.

83% think having multiple service accounts also creates a lot of added complexity, but most (91%) agree that service accounts make it easier to ensure that policies are uniformly defined and enforced across cloud native environments.

Bocek concludes: “Attackers are increasingly zoning in on machine identities in cloud native technologies. Security teams must prioritize machine identity security to the same degree as human identities. The great news is that secrets management, certificate lifecycle management (CLM) and cloud native security are available today. An automated, end-to-end machine identity security program means businesses can enhance their cloud native security, ensuring operational stability and business growth.”
