Machine identities are "the next big target for cyberattack", security leaders warn

"The volume, variety and velocity of identities are becoming an attacker’s dream."

Attackers are compromising cloud-native environments with "alarming regularity" as growing numbers of security leaders warn that machine identities are becoming a major target for threat actors.

Venafi, a CyberArk company, has released a new research report called The Impact of Machine Identities on the State of Cloud Native Security in 2024.

With a survey of 800 security and IT decision-makers from large organizations across the US, UK, France and Germany, the second annual report examines the top machine identity security trends and challenges.

“The sleeping dragon is now awake: attackers are actively exploring cloud native infrastructure,” said Kevin Bocek, Chief Innovation Officer at Venafi. “A massive wave of cyberattacks has now hit, impacting most modern application environments.

"To make matters worse, cybercriminals are deploying AI in various ways to gain unauthorised access and exploiting machine identities using service accounts on a growing scale. The volume, variety and velocity of machine identities are becoming an attacker’s dream."

This year’s findings show that 86% of organizations had a security incident related to their cloud-native environment within the last year. As a result, 53% of organizations had to delay an application launch or slow down production time.

Nearly half (45%) suffered outages or disruption to their application service and 30% said attackers could gain unauthorized access to data, networks and systems.

Other key findings include: 

  • Service accounts are the "next threat frontier": 88% of security leaders believe machine identities – specifically access tokens and their connected service accounts – are the next big target for attackers. Over half (56%) have experienced a security incident related to machine identities using service accounts in the last year.
  • Supply chain attacks "tipped to get an AI makeover": 77% of security leaders think AI poisoning will be a prominent new software supply chain attack. A further 84% believe supply chain attacks remain a clear and present danger. However, 61% say senior management has taken its focus off supply chain security in the last year.
  • Security and developer teams continue to clash: 68% of security leaders believe security professionals and developers will always be at odds, with 54% feeling they are fighting a losing battle trying to get developers to have a security-first mindset. 

Respondents also warned that cloud-native security is coming under increasing pressure as attackers target these environments to compromise AI models and applications:

  • 77% are concerned about AI poisoning, whereby AI data inputs/outputs are manipulated for malicious purposes.
  • 75% are worried about model theft.
  • 73% are concerned about the use of AI-led social engineering.
  • A further 72% are worried about provenance in the AI supply chain.

“There is huge potential for AI to transform our world positively, but it needs to be protected,” Bocek added. “Whether it’s an attacker sneaking in and corrupting or even stealing a model, a cybercriminal impersonating an AI to gain unauthorized access, or some new form of attack we have not even thought of, security teams need to be on the front foot.

“This is why a kill switch for AI – based on the unique identity of individual models being trained, deployed and run – is more critical than ever.”

What are machine identities?

Machine identities are digital credentials used to identify, authenticate, and authorize machines, devices, applications, and cloud workloads within IT infrastructures. Unlike human identities, they are created and terminated automatically to adapt to business needs dynamically.

While the terms machine identities and non-human identities are often used interchangeably, some distinctions exist:

  • Machine identities typically authenticate and manage physical devices (e.g., IoT devices, servers) using certificates, keys, and other credentials.
  • Non-human identities often refer to identities used by services or applications to interact with cloud resources, excluding physical devices.

However, with the rise of virtualization and cloud services, these distinctions are becoming less significant.
