2023 has seen its fair share of cyberattacks; however, one attack vector has proved more prominent than the others – non-human access. With 11 high-profile attacks in 13 months and an ever-growing, ungoverned attack surface, non-human identities are the new perimeter, and 2023 is only the beginning.

Why non-human access is a cybercriminal's paradise

People always look for the easiest way to get what they want, and this holds for cybercrime as well. Threat actors look for the path of least resistance, and in 2023 that path was non-user access credentials (API keys, tokens, service accounts and secrets).

These non-user access credentials connect apps and resources to other cloud services. What makes them a true hacker's dream is that they carry none of the security measures that user credentials do (MFA, SSO or other IAM policies); they are mostly over-permissive, ungoverned and never revoked. In fact, 50% of the active access tokens connecting Salesforce and third-party apps are unused. In GitHub and GCP the numbers reach 33%.*

So how do cybercriminals exploit these non-human access credentials? To understand the attack paths, we first need to understand the types of non-human access and identities. Generally, there are two types of non-human access – external and internal. External non-human access is…
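The properties the article lists (unused, never revoked, no expiry, over-permissive, nobody owning the credential) are exactly what a periodic inventory audit should flag. The script below is an added example and not part of the article: it runs a set of hygiene rules over a small credential inventory. The inventory is constructed for the example (no real tokens), and the names in BROAD_SCOPES are assumptions standing in for whichever permissions an organisation considers broad; in practice the inventory would be exported from each platform's admin or audit API.

```python
"""Hygiene audit for non-human credentials (API keys, tokens, service-account keys).

Added example. The inventory and scope names below are constructed for
illustration and do not describe any vendor's real permission model.
"""
from datetime import datetime, timedelta, timezone

# Scopes treated as broad for this audit (assumption for the example).
BROAD_SCOPES = {"admin", "*", "full", "repo", "roles/owner", "roles/editor"}

# Constructed sample inventory: one record per non-human credential.
NOW = datetime(2023, 12, 1, tzinfo=timezone.utc)
INVENTORY = [
    {"id": "sf-token-01", "platform": "salesforce", "owner": "alice",
     "scopes": ["api", "refresh_token"], "last_used": NOW - timedelta(days=3),
     "expires": NOW + timedelta(days=60)},
    {"id": "sf-token-02", "platform": "salesforce", "owner": None,
     "scopes": ["api", "full"], "last_used": NOW - timedelta(days=200),
     "expires": None},
    {"id": "gh-pat-01", "platform": "github", "owner": "ci-bot",
     "scopes": ["repo", "workflow"], "last_used": NOW - timedelta(days=1),
     "expires": None},
    {"id": "gh-pat-02", "platform": "github", "owner": "bob",
     "scopes": ["read:packages"], "last_used": None,
     "expires": NOW + timedelta(days=10)},
    {"id": "gcp-sa-key-01", "platform": "gcp", "owner": "data-pipeline",
     "scopes": ["roles/owner"], "last_used": NOW - timedelta(days=120),
     "expires": None},
    {"id": "gcp-sa-key-02", "platform": "gcp", "owner": "data-pipeline",
     "scopes": ["roles/storage.objectViewer"], "last_used": NOW - timedelta(days=5),
     "expires": NOW + timedelta(days=30)},
]


def audit_credential(cred, now=NOW, stale_days=90):
    """Return the list of hygiene findings for one credential (empty = clean)."""
    findings = []
    last = cred.get("last_used")
    if last is None:
        findings.append("never-used")
    elif now - last > timedelta(days=stale_days):
        findings.append(f"unused-for-{(now - last).days}d")
    if cred.get("expires") is None:
        findings.append("no-expiry")          # never revoked unless someone remembers
    broad = sorted(BROAD_SCOPES.intersection(cred.get("scopes", [])))
    if broad:
        findings.append("broad-scope:" + ",".join(broad))
    if not cred.get("owner"):
        findings.append("no-owner")           # nobody to ask whether it is still needed
    return findings


def audit(inventory, now=NOW, stale_days=90):
    """Map credential id -> findings for the whole inventory."""
    return {c["id"]: audit_credential(c, now, stale_days) for c in inventory}


def _is_unused(findings):
    return any(f == "never-used" or f.startswith("unused-for-") for f in findings)


def unused_ratio(inventory, now=NOW, stale_days=90):
    """Fraction of credentials per platform that are unused (the article's 50% / 33% metric)."""
    per = {}
    for c in inventory:
        total, unused = per.get(c["platform"], (0, 0))
        unused += 1 if _is_unused(audit_credential(c, now, stale_days)) else 0
        per[c["platform"]] = (total + 1, unused)
    return {p: unused / total for p, (total, unused) in per.items()}


def revocation_candidates(inventory, now=NOW, stale_days=90):
    """Ids of unused credentials, in inventory order: revoke these first."""
    return [c["id"] for c in inventory
            if _is_unused(audit_credential(c, now, stale_days))]


if __name__ == "__main__":
    for cid, findings in audit(INVENTORY).items():
        print(f"{cid:14s} {', '.join(findings) or 'ok'}")
    print("unused ratio per platform:", unused_ratio(INVENTORY))
    print("revoke first:", revocation_candidates(INVENTORY))
```

The stale threshold (90 days) and the broad-scope list are policy choices; the useful output is the ranked list of unused credentials, which is what a revocation or rotation run should consume. An unused credential with a broad scope and no expiry, such as the constructed sf-token-02, combines every property the article warns about and is the first thing to remove.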