Malware Attacks Have Increased 8 Times in the Last 10 YearsOrhan Sari
Malware attacks have increased 8 times in the last 10 years.
Applications and devices must have machine IDs to securely communicate with each other upon authentication. However, whether it is a Kubernetes application or a serverless function in the cloud, machines prefer to use encryption keys and digital certificates used as machine IDs rather than relying on usernames or passwords to create trust, privacy, and security. Since most organizations do not have machine ID management software, malware using machine IDs causes serious damage.
Vulnerabilities in the servers that belong to the institution and can communicate with the outside world can be exploited and allow criminals to infiltrate into the internal network of the institution. Hackers who infiltrate the internal network of the organisation can use the identities they have obtained to reach more servers. Although these attacks may seem small and harmless at first, the more servers the attackers can obtain and access, the greater the risk would be for the organisation. Therefore, it is very important to detect such vulnerabilities in advance to prevent machine IDs from being compromised.
According to the threat analysis company, Venafi, malware using machine IDs are increasing rapidly. For example, TrickBot notes that malware attacks using machine IDs doubled from 2018 to 2019, including highly serious malware such as Skidmap, Kerberods and CryptoSink. By analysing security incidents in the public domain and reports prepared by third-party companies, a lot of data were collected on the abuse of machine identities.
Malware attacks have increased
Overall, malware attacks using machine IDs have increased eightfold over the past 10 years, and have started to increase faster after the second half of the decade.
How to Stop Malware Attacks?
To prevent compromise and misuse of machine identities, it is important to reduce the vulnerabilities on the operating systems or enterprise-specific applications as much as possible. For this, infiltration investigations can be carried out with cyber security expert teams and vulnerability detection can be performed. In addition, the cyber security awareness training programs can be used to minimise human error and increase employee cybersecurity awareness.
Get in touch with Keepnet Labs for free cyber security awareness training now!