Top 5 Non-Human Access Attacks of 2023

Cloud Security Alliance – Tal Skverer & Danielle Guetta
In this report by Astrix, the highest-profile non-human access attacks of 2023 are ranked by their impact, cost of mitigation, and ingenuity.
The top 5 attacks, along with insights and lessons learned, are as follows:
1\) **Microsoft 365 Forged Access Token (July 2023)**: A master signing key was stolen from a compromised Microsoft employee's machine, allowing the attackers to forge valid email access tokens.
The event scored high on all three criteria: cost of mitigation, impact, and ingenuity.
The move from on-premises servers to cloud-native solutions places increasing trust in cloud providers, exposing companies to additional attack vectors.
2\) **CircleCI (January 2023)**: Compromised employee machines allowed threat actors to access and steal session tokens, leading to a full-fledged supply chain attack.
It scored high on cost and impact and highlighted how difficult it is to remediate supply chain attacks involving non-human identities.
3\) **Okta (October 2023)**: Attackers used a stolen service account, impacting high-profile Okta customers including BeyondTrust, 1Password, and Cloudflare.
The attack showed the importance of least-privilege permissions and dynamic monitoring for service accounts.
4\) **Microsoft SAS Key (September 2023)**: A SAS token published by Microsoft's AI researchers exposed over 38TB of sensitive information, emphasizing the need for extreme care in handling secrets that may become public.
5\) **Sumo Logic (November 2023)**: A compromised credential was used to access Sumo Logic's AWS account, leading to an extremely high cost of mitigation and underscoring the need for a continuous inventory of non-human access and for behavior monitoring.
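The SAS token lesson in item 4 is easy to operationalize: before a shared link leaves your organization, check the permissions, scope, lifetime and transport the token grants. The script below is an added example, not code from the CSA/Astrix report; the two sample URLs are constructed (the `sig` values are placeholders, not real signatures), the reference date and the 7-day lifetime limit are assumptions, and the query parameters it inspects (`sp`, `sr`, `srt`, `se`, `st`, `spr`, `sip`) are the documented Azure Storage SAS parameters.

```python
"""Audit Azure Storage SAS URLs for over-broad permissions and over-long lifetimes.
Added example: sample URLs are constructed and the thresholds are assumptions."""
from datetime import datetime, timezone, timedelta
from urllib.parse import urlsplit, parse_qs

# Fixed reference "now" so the audit is deterministic (constructed, not the incident date).
REFERENCE_NOW = datetime(2023, 9, 18, tzinfo=timezone.utc)

# Constructed sample URLs; the sig values are placeholders, not real tokens.
RISKY_SAS = ("https://example.blob.core.windows.net/?sv=2021-06-08&ss=b&srt=sco"
             "&sp=rwdlacup&se=2051-01-01T00:00:00Z&spr=https,http&sig=PLACEHOLDER")
SCOPED_SAS = ("https://example.blob.core.windows.net/models/weights.bin?sv=2021-06-08"
              "&sr=b&sp=r&st=2023-09-18T00:00:00Z&se=2023-09-19T00:00:00Z&spr=https"
              "&sip=203.0.113.10&sig=PLACEHOLDER")

MUTATING_PERMS = set("wdacu")  # write, delete, add, create, update


def parse_sas(url: str) -> dict:
    """Return the SAS query parameters as a flat dict (first value of each key)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def _parse_time(value: str) -> datetime:
    """Parse the ISO-8601 forms Azure accepts for st/se (UTC)."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS time: {value!r}")


def audit_sas(url: str, now: datetime = REFERENCE_NOW, max_lifetime_days: int = 7) -> list:
    """Return a list of findings; an empty list means the token passed every check."""
    p = parse_sas(url)
    findings = []

    perms = set(p.get("sp", ""))
    mutating = perms & MUTATING_PERMS
    if mutating:
        findings.append(f"grants mutating permissions '{''.join(sorted(mutating))}'; "
                        "a shared link should be read-only")
    if "l" in perms and p.get("sr") != "b":
        findings.append("list permission lets a holder enumerate every blob in scope")

    # srt is only present on an account SAS, which spans whole services rather than one blob.
    if "srt" in p:
        findings.append(f"account-level SAS over resource types '{p['srt']}' instead of a single blob")

    if "se" not in p:
        findings.append("no expiry (se) parameter")
    else:
        remaining = _parse_time(p["se"]) - now
        if remaining > timedelta(days=max_lifetime_days):
            findings.append(f"still valid for {remaining.days} days (limit {max_lifetime_days})")

    if "http" in p.get("spr", "https").split(","):
        findings.append("plain HTTP allowed (spr); the token can be sniffed in transit")
    if "sip" not in p:
        findings.append("no source IP restriction (sip)")
    return findings


if __name__ == "__main__":
    for label, url in (("risky", RISKY_SAS), ("scoped", SCOPED_SAS)):
        print(label, audit_sas(url) or ["ok"])
```

Run it as a pre-publication gate (for example in the CI job that produces download links): any non-empty finding list blocks the link, and the remaining-days check is what would have caught a token that stays valid for decades.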
The report underscores the significance of securing non-human identities and their access credentials in the context of cloud adoption and automation, thereby ensuring core systems and data are protected in the midst of growing connectivity and automation trends in 2024 and beyond.
Link: https://cloudsecurityalliance.org/blog/2024/01/16/top-5-non-human-access-attacks-of-2023/

