
Cloud assets have 115 vulnerabilities on average — some several years old




Identity threats

While vulnerabilities were the second most common initial access vector found in Verizon’s DBIR, abused credentials once again took the top spot. Identities that can be abused for initial access or lateral movement include not just end-user credentials but also API keys, access tokens, service accounts, cloud functions, and other non-human identities (NHIs) used by machines, services, and workloads.

“Our evaluation finds that NHIs outnumber their human counterparts by a median of 50:1,” the Orca team said. “But NHIs, when left unsecured, can dramatically increase cloud dangers. That is very true when customers grant NHIs more permissions than they want.”

Orca found that 77% of organizations that use AWS have at least one service account with permissions across two or more accounts and 12% of orgs have permissive roles attached to more than 50 instances. Some of these roles, once created, remain unused, with almost 90% of orgs having IAM credentials that weren’t used in over 90 days.
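
One way to check your own account against that 90-day figure is to scan the AWS IAM credential report for active passwords and access keys that have sat idle. This is an added example, not code from Orca or the article; it assumes the report has already been downloaded and decoded to CSV, the function names are hypothetical, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample using a subset of the IAM credential report columns.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
ci-deployer,arn:aws:iam::111122223333:user/ci-deployer,2023-01-10T09:00:00+00:00,false,N/A,true,2023-01-10T09:00:00+00:00,2025-05-28T12:00:00+00:00,false,N/A,N/A
legacy-backup,arn:aws:iam::111122223333:user/legacy-backup,2021-06-01T09:00:00+00:00,false,N/A,true,2021-06-01T09:00:00+00:00,2024-11-02T03:00:00+00:00,true,2022-02-01T09:00:00+00:00,N/A
alice,arn:aws:iam::111122223333:user/alice,2022-03-15T09:00:00+00:00,true,2025-01-05T08:30:00+00:00,false,N/A,N/A,false,N/A,N/A
"""


def _parse(ts):
    """Return an aware datetime, or None for N/A, no_information, not_supported."""
    try:
        return datetime.fromisoformat(ts)
    except ValueError:
        return None


def stale_credentials(report_csv, now, max_idle_days=90):
    """List (user, credential, last_used) for active credentials idle too long."""
    cutoff = now - timedelta(days=max_idle_days)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        checks = [("password", row["password_enabled"],
                   row["password_last_used"], row["user_creation_time"])]
        for n in ("1", "2"):
            checks.append((f"access_key_{n}", row[f"access_key_{n}_active"],
                           row[f"access_key_{n}_last_used_date"],
                           row[f"access_key_{n}_last_rotated"]))
        for kind, active, last_used, created in checks:
            if active != "true":
                continue  # disabled credentials are not usable for access
            # A never-used credential is aged from its creation or rotation
            # time (an approximation chosen for this example).
            last = _parse(last_used) or _parse(created)
            if last is None or last < cutoff:
                findings.append((row["user"], kind, last_used))
    return findings


if __name__ == "__main__":
    for finding in stale_credentials(SAMPLE_REPORT, datetime.now(timezone.utc)):
        print(finding)
```

The credential report covers IAM users and the root user only, so unused roles need a separate review of each role's last-used data.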