
State of Machine Identity: A Look at the Machine ID Attack Surface


What happens when your approach to security becomes a vulnerability? That’s the very real challenge facing many organizations.

Despite the importance of public key infrastructure (PKI), keys, and digital certificates in protecting organizations, the high volume of identities that need protection is creating serious issues as organizations struggle to manage them at scale.

The second-annual State of Machine Identity Management Report explores this challenge in its study on the role of PKI and machine identities in securing modern enterprises. The report is based on survey responses from over 1,200 global IT and security leaders.

Let’s take a deeper look into the situation according to these leaders.

66% are deploying more keys and certificates in their environments

Although two-thirds of respondents shared that their organizations are deploying more cryptographic keys and certificates in their environments than ever before, this number may not tell the whole story.

In reality, a full 100% of organizations likely fall into this bucket. The remaining respondents may have underestimated the volume of keys and certificates being created due to a lack of visibility into their machine identity landscape. This is not surprising given that 55% of respondents admit their organization doesn’t know exactly how many keys and certificates they actually have.

As mentioned in our previous blog post, this situation is becoming all the more common as the volume of machine identities continues to expand rapidly, driven by trends like zero-trust security strategies, cloud-based services, and the shift to remote work.

Unfortunately, most organizations don’t have the right tools or processes to manage this growth. In turn, a lack of control over the complete picture can lead to unmanaged or poorly protected machine identities – also known as machine ID sprawl. And when that happens, it becomes very easy for those identities to be compromised.

61% say that theft or misuse of keys and certificates is a serious or very serious concern

Not only do 61% of respondents consider the potential theft or misuse of keys and certificates in their environment a serious or very serious concern, but that number represents a significant increase from the 2021 study, when just 34% of respondents felt this way.

And this isn’t just talk: 50% of respondents say their organizations are likely or very likely to experience machine identity theft or misuse in the next two years.

Given the variety of attacks that target keys and digital certificates, there are numerous scenarios organizations must defend against. These attacks can range from small-scale business disruptions to large-scale, highly sophisticated campaigns.

Consider the following examples:

  • Compromising TLS keys to run a man-in-the-middle attack that can allow hackers to alter or steal information
  • Stealing code signing keys to sign malicious code that looks legitimate and can negatively impact end-users of software and hardware
  • Accessing SSH keys left unprotected on servers to gain privileged access to information systems and move laterally across the organization

Of course, these are just a few of many examples that illustrate how unmanaged keys and certificates can end up doing more harm than good.

59% use weak password-based authentication for SSH, and 50% say they do not have formal access controls for code signing keys

Avoiding these risks requires organizations to gain firm control over and visibility into TLS certificates, implement secure storage and access controls for code signing keys, and introduce centralized management for SSH identities.

However, there’s still a lot of progress that needs to be made on those fronts. To start, 59% of respondents use weak password-based authentication for SSH and 59% also say they have no centralized management for SSH identities.

At the same time, 50% of respondents do not have formal access controls for code signing keys, with 37% reporting their code signing keys are stored on build servers and another 17% storing them on developer workstations. Both of these locations are often highly vulnerable to attack, and that can worsen situations like the recent LAPSUS$ ransomware attack on Nvidia.

In March 2022, Nvidia revealed that two of its code signing keys were stolen in the LAPSUS$ ransomware attack and used to sign at least two binaries that were not actually developed by Nvidia. Incidents like this allow attackers to release malicious software under the guise of a trusted company.

Nvidia’s story is only one of many that feature machine identities being stolen or misused, and all of these real-life examples underscore the need for organizations to prioritize centralized control over and visibility into machine identities across the enterprise.

What are the biggest machine identity risks today?

The 2022 State of Machine Identity Management Report paints a stark picture of the risks in today’s enterprises that stem from a growing number of unprotected or unmanaged machine identities. Organizations must respond by building a modern PKI and machine identity management program.

Ready to dig deeper? To dive into these trends and more that are shaping the role of machine identities in today’s organizations, click here to find the full report.