The use of machine identities is growing in state-sponsored cyberattacks, according to new cybersecurity research.
A Venafi study of 1,101 security decision-makers globally found that 66% of organizations have changed their cybersecurity strategy as a direct response to the conflict between Russia and Ukraine, while 64% suspect their organization has been impacted or targeted by a nation-state cyberattack. However, nearly the same percentage of organizations (63%) say that they doubt they would be able to determine whether their organization was hacked by a nation-state.
Recent events and the survey findings highlight that geopolitics and cybersecurity are intrinsically linked — a sentiment shared by 82% of respondents. Sixty-eight percent of security leaders surveyed have had more conversations with their board and senior management in response to the Russia/Ukraine conflict.
Security researchers have identified that Chinese APT groups are conducting cyberespionage to advance China’s international intelligence, while North Korean groups are funneling the proceeds of cybercrime directly to their country’s weapons programs. The SolarWinds attack — which may have compromised thousands of organizations — is a prime example of the scale and scope of nation-state attacks that leverage compromised machine identities, according to Venafi. Russia’s HermeticWiper attack, which breached numerous Ukrainian entities just days before Russia’s invasion of the country, used code signing certificates to authenticate malware in a recent example of machine identity abuse by nation-state actors.
For more report findings, click here.