- Horangi analyzed nearly 37,000 user identities across 115 organizations in ASEAN, India, Africa, and the United States
- In Singapore, more than 8% of super admin accounts did not have multi-factor authentication (MFA) enabled. In Indonesia, this number rose to more than 14%
- 43% of all external users outside the organisation were granted admin rights, highlighting the importance of securing the supply chain
- The FSI sector accounted for > 10% of identities without MFA enabled for super admin privileges
- For organizations on AWS, more than 1 in 2 identities were unused, and 46% of these unused identities had sensitive IAM access. Of all identities with sensitive IAM access, almost 25% of these identities in Singapore were unused, compared to 21% in Indonesia
Singapore, March 29 2022 — Horangi, a Singapore-headquartered cybersecurity company providing solutions optimised for cloud-based organisations across Southeast Asia, identified excessive access and control permissions as a key cybersecurity risk amid the region’s move to cloud. Left unaddressed, this could raise the likelihood of compromised credentials, enabling threat actors to access the organisation’s network and set the stage for a ransomware attack. This is especially of concern for Southeast Asia, a highly digitalised region where ransomware is currently the most prominent malware threat.
This was the key finding from Horangi’s analysis of nearly 37,000 user identities conducted by its flagship multi-cloud security solution, Warden, that yielded insights into the state of cyber hygiene within digital-first organisations across ASEAN, India, Africa, and the United States.
Providing a prominent example of excessive permissions, Horangi’s analysis determined that an average of 43% of external users outside of an organisation were granted admin rights. Beyond data privacy concerns, this trend can greatly increase the risk of ransomware attacks should admin credentials fall into the wrong hands, allowing threat actors to hold the firm’s digital assets hostage.
An assessment of scans from Singapore-based organisations revealed that close to 10% of identities with sensitive permissions comprised users outside the company. While lower than the regional average, the ramifications of this finding are significant, with any ransomware attack potentially having a detrimental impact on the city-state’s status as a regional business hub.
The analysis also uncovered several practices related to excessive permissions that could raise ransomware risks for organisations in Southeast Asia, with notable observations being:
1. Lack of Multi-Factor Authentication (MFA) for admin accounts
23% of identities analysed were found to not have MFA enabled. More worryingly, 18% of these users had super administrator permissions. This presents a major risk for organisations as threat actors can leverage the stolen credentials of administrator accounts to launch crippling ransomware attacks. In Singapore, more than 8% of super admin accounts did not have MFA enabled, with this number increasing to more than 14% in Indonesia, one of Southeast Asia’s largest digital economies.
2. Financial Services sector facing risks arising from excessive permissions
Of organisations in the Financial Services sector, more than 10% of identities with super administrator privileges were found to not have MFA enabled, with almost 6% of these identities being external users. This could raise ransomware risks for these firms, opening them up to potential compliance violations in addition to any reputational impact. According to Fitch, financial services providers are popular targets for ransomware attacks as they usually possess highly valuable data such as payment information or personally identifiable information.
3. More than half of identities on Amazon Web Services (AWS) are unused
Horangi found that more than 60% of identities on AWS were unused, likely a result of accepting default permissions when setting up cloud identities. 46% of unused identities also had sensitive Identity and Access Management (IAM) access. Considering the global reach of AWS, a market leader in cloud services, many organisations could be placed at unnecessary risk. Of all identities with sensitive IAM access among Singapore-based organisations, almost 25% of identities were unused. Organisations in Indonesia registered a similar situation, where more than 21% of identities with sensitive IAM access were unused.
4. Growth in machine identities is outpacing human identities
Machine identities such as IoT devices, containers, and services continue to outnumber human identities — a trend that is unique to the cloud as opposed to on-prem environments. Organisations must maintain visibility and control of these identities, or they risk these being entry points for potential ransomware attacks. Illustrating this point, Horangi observed that machine identities outnumbered human identities fivefold.
For organizations on AWS, 50% of SSH keys were found to not have been rotated in the past 90 days. Key rotation is essential to prevent vulnerabilities arising from old cryptographic algorithms and to keep attackers or ex-employees from retaining access through old keys.
“Threat actors are constantly seeking ways to monetise illicit activities, with ransomware becoming the latest trend that is anticipated by industry observers to be a mainstay of the cyberthreat landscape for the foreseeable future. Growing cloud adoption across Southeast Asia could potentially exacerbate the challenge posed by excessive permissions, making it imperative for digital-first organisations to invest in the right capabilities to remotely manage entitlements,” said Paul Hadjy, CEO and Co-Founder at Horangi. “These include Identity and Access Management tools such as Warden that can augment the ability of security teams to effectively manage increasingly complex and decentralised infrastructure set-ups, and automatically enforce least privilege when suspicious activity is monitored, mitigating risks at scale.”
Ransomware is forecast to cost victims around $265 billion (USD) annually by 2031, with an attack estimated to take place every 2 seconds. Southeast Asia, as one of the largest digital economies in the world, is exposed to outsized risks from ransomware. The region has registered a rise in cybercrime of as much as 600%, with ransomware being the most prominent threat. This has made it mission critical for organisations in the region to implement the necessary measures to safeguard their digital presence.
Horangi is a leading cybersecurity company founded by ex-Palantir Technologies engineers and is headquartered in Singapore. Horangi’s best-in-class Warden cloud security platform protects organizations in the public cloud, complemented by an elite team of cybersecurity experts providing CREST-accredited OffSec and strategic cybersecurity services to customers across the world. For more information, visit https://www.horangi.com/.
KeKomunikation for Horangi