
The importance of maintaining effective machine-identity security

As cyber criminals hunt for new and more sophisticated ways to mount attacks, many are paying close attention to the role played by machine identities. Kevin Bocek from Venafi explores.

Kevin Bocek
Mon, 21 Mar 2022

In some high-profile security incidents, such as those experienced by SolarWinds and Kaseya, the software supply chain was leveraged as a conduit for attacks due to machine-identity and code-signing mismanagement.

During the past two years, the COVID-19 pandemic has added further complexity to the use of machine identities. A rapid shift to the cloud, remote work practices, increased reliance on internet of things (IoT) devices and mobility have all served to change the enterprise IT landscape.

Unfortunately, however, in many cases security became an afterthought. It’s become clear that robust machine-identity management is now a crucial tool for organisations racing to catch up and protect their corporate assets.


The part played by machine identities

In the modern world, machines control everything from connectivity to data flows. Personal computers, IoT and mobile devices, apps, office equipment, and microservices all have a role in modern corporate environments.

Each machine requires a unique identity to manage and secure connections with other machines and the wider IT infrastructure. These devices are issued a form of digital “ID” through SSL, TLS and code-signing security certificates, authentication tokens, and SSH keys, which then act as their machine identity.

Machine identities are required to facilitate the billions of transactions that occur worldwide every day, from routing to processing financial transactions. It’s this critical role that makes them so appealing to attackers.

It only takes one

Just one mismanaged or unprotected machine identity can cause a widespread security incident. Once an identity has been stolen or tampered with, attackers can obfuscate malicious activity, steal data, conduct surveillance and deploy ransomware.

Unfortunately, this is a risk factor that many businesses do not yet fully understand. Research conducted by Venafi and AIR Worldwide estimates that the worldwide economy faces losses of between US$51 billion and US$72 billion annually due to the poor protection of machine identities.

Popular attack vectors

Cyber criminals are constantly scanning for weaknesses in corporate networks and their underlying machine-identity protocols. While their attack techniques are constantly evolving, the most popular vectors include:

  • Compromising key security certificates:
    Stolen or rogue certificates can be used to make websites or activity appear legitimate. Expired certificates, too, can be exploited to eavesdrop on communication or to intervene in transactions.
  • The exploitation of inadequate protections:
    While crucial in verifying the authenticity and integrity of software code, signing certificates can also be exploited for malware signing. An example of this was the SolarWinds breach. Attackers were able to infiltrate the software vendor’s network and exploit a lack of code-signing and verification policies to deploy a malicious Orion update containing the Sunburst backdoor. The malware was delivered to approximately 18,000 customers.
  • The abuse of SSH keys:
    SSH keys are used to access encrypted and secure channels and establish trust. However, if these keys are abandoned, forgotten, unaudited or acquired through dark web trades, this can expose corporate assets and accounts to hijacking. Many strains of commodity malware now contain the capability to abuse SSH keys.

Improving the security of machine identities

For many organisations, effectively managing large numbers of machine identities can be a time-consuming and difficult task. In many cases, organisations do not know how many certificates and keys they have or where these are located.

At a time when the shift to hybrid working has widened potential attack surfaces, overcoming this situation is now vital. Organisations of all sizes need to place a greater emphasis on protecting machine identities to secure their IT networks.

To achieve this, increasing numbers are deploying machine identity management solutions. These solutions can help to protect devices and grant IT teams improved visibility into the systems they are trying to protect, without placing an additional burden on their shoulders.

However, while automation can streamline this process as well as reduce the risk of human error causing a data breach, it alone is not enough. Effective security needs to be introduced at every stage of the software development cycle to reduce the risk of machine identity, certificate and key compromise.

The risks posed by ineffective machine identity management are likely to continue to increase in coming months and years. Taking the steps required to overcome this should now be a top priority.

Kevin Bocek is the chief security strategist at Venafi.
