The year 2024 saw a surge in non-human identity (NHI) attacks, signaling a challenging year ahead for machine-to-machine identity theft in 2025. The trend was set in motion when Cloudflare revealed a massive breach caused by NHI mismanagement: access tokens and service account credentials exposed in the 2023 Okta compromise had not been rotated. Despite containment efforts, Cloudflare had to undertake significant measures, including rotating over 5,000 production credentials, conducting forensic triage on thousands of systems, and rebooting its entire global network.
As the year unfolded, NHI breaches gathered momentum. In one instance, the New York Times suffered a breach where 270GB of internal data and applications were stolen from GitHub using an exposed GitHub Personal Access Token, highlighting the dangers of source-code leaks. The repercussions of such breaches can have far-reaching implications, despite attempts by affected organizations to downplay the severity of the situation.
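The Cloudflare and New York Times incidents above come down to two failures a defender can check for mechanically: secrets left in source text, and credentials that survive a known exposure without being rotated. The Python script below is an added example written for this page, not tooling from the article or from any organization named in it. It scans text for token-shaped strings (GitHub classic personal access tokens begin with `ghp_`; AWS access key IDs begin with `AKIA`) and flags inventory entries that were not rotated after an exposure date or that exceed a rotation window. The sample source file, the credential inventory and the exposure date are all constructed.

```python
"""Added example: detect token-shaped strings in source text and flag
credentials that were never rotated after a known exposure date.
All sample data below is constructed for illustration."""
import re
from datetime import datetime, timezone

# Token shapes: GitHub classic PATs are ghp_ followed by 36 alphanumerics;
# AWS access key IDs are AKIA followed by 16 uppercase alphanumerics.
TOKEN_PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}


def scan_text_for_secrets(text: str) -> list[dict]:
    """Return one finding per token-shaped match; the full value is never stored."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in TOKEN_PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append({
                    "line": lineno,
                    "kind": kind,
                    "hint": match.group(0)[:8] + "...redacted",
                })
    return findings


def stale_credentials(inventory: list[dict], exposure_date: datetime,
                      now: datetime, max_age_days: int = 90) -> list[dict]:
    """Flag credentials that (a) existed at exposure time and were not rotated
    afterwards, or (b) exceed the rotation window regardless of any incident."""
    flagged = []
    for cred in inventory:
        rotated = cred["last_rotated"]
        reasons = []
        if cred["created"] <= exposure_date and rotated <= exposure_date:
            reasons.append("not rotated since exposure")
        if (now - rotated).days > max_age_days:
            reasons.append(f"older than {max_age_days} days")
        if reasons:
            flagged.append({"name": cred["name"], "reasons": reasons})
    return flagged


# Constructed sample source file: two real-shaped (but fake) tokens and one
# string that merely starts with a token prefix and must not match.
SAMPLE_SOURCE = """\
# deploy.py (constructed sample)
GITHUB_TOKEN = "ghp_abcdefghijklmnopqrstuvwxyz0123456789"
AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
build_id = "ghp_short"   # not a token shape, should not match
"""

_UTC = timezone.utc
EXPOSURE = datetime(2023, 10, 20, tzinfo=_UTC)  # placeholder exposure date
NOW = datetime(2024, 2, 1, tzinfo=_UTC)         # placeholder "today"

# Constructed inventory: one token predates the exposure and was never
# rotated, one was rotated after it, one was created afterwards.
SAMPLE_INVENTORY = [
    {"name": "ci-deploy-token",
     "created": datetime(2023, 6, 1, tzinfo=_UTC),
     "last_rotated": datetime(2023, 6, 1, tzinfo=_UTC)},
    {"name": "okta-service-account",
     "created": datetime(2023, 1, 15, tzinfo=_UTC),
     "last_rotated": datetime(2023, 12, 1, tzinfo=_UTC)},
    {"name": "fresh-api-key",
     "created": datetime(2024, 1, 10, tzinfo=_UTC),
     "last_rotated": datetime(2024, 1, 10, tzinfo=_UTC)},
]

if __name__ == "__main__":
    for finding in scan_text_for_secrets(SAMPLE_SOURCE):
        print("secret in source:", finding)
    for cred in stale_credentials(SAMPLE_INVENTORY, EXPOSURE, NOW):
        print("rotation needed:", cred)
```

Run as a script it reports the two token-shaped strings by line and kind (never echoing the full value) and lists `ci-deploy-token` as both unrotated since the exposure and past the 90-day window. The exposure-date check is the generalization of the Cloudflare case: after any upstream compromise, every credential that existed at that time and has not been rotated since is treated as compromised.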
The year culminated in a series of high-profile breach disclosures attributed to NHI. Thousands of online stores running Adobe Commerce software fell victim to an NHI attack in which stolen cryptographic keys were used to generate an API authorization token, facilitating the insertion of payment skimmers into the checkout process. Moreover, compromised AWS and Microsoft Azure machine-to-machine authentication keys embedded in popular Android and iOS apps jeopardized user data and source code, potentially leading to unauthorized access and data manipulation.
Schneider Electric also confirmed a breach on its development platform, with a hacker boasting about compromising critical data using exposed Jira credentials. Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about the exploitation of a missing authentication vulnerability in Palo Alto Networks Expedition, spotlighting the significance of safeguarding authentication protocols against malicious exploitation.
A sophisticated phishing tool targeting GitHub users emerged in the fourth quarter, posing a serious threat to developers worldwide. Intruders utilized compromised secrets and permissions to generate API calls and manipulate user behavior, ultimately leading to potential data theft and unauthorized access to sensitive information. The year concluded with a major breach at the US Treasury department orchestrated by Chinese threat actors, who exploited leaked API keys to infiltrate the agency’s networks and access “unclassified documents.”
The surge of NHI attacks as the year drew to a close underscores the urgent need for chief information security officers (CISOs) and security teams to prioritize tackling emerging NHI threats in 2025. With the threat landscape evolving, proactive measures are essential to mitigate the risks posed by machine-to-machine identity theft and protect sensitive data from malicious actors.