Armis Discovers the Most Vulnerable OT and ICS Devices in CNI

Armis, a cybersecurity company, has recently published research identifying the devices that pose the greatest risk to critical infrastructure industries such as manufacturing, utilities, and transportation. The research was conducted using data from the Armis Asset Intelligence and Security Platform, which tracks over three billion assets. The findings reveal that certain operational technology (OT) and industrial control systems (ICS) devices present the highest risk to these industries.

According to the research, engineering workstations are the most targeted OT devices in the industry, followed by SCADA servers. In the last two months, engineering workstations received the most attack attempts, and 56% of them have at least one unpatched critical-severity CVE (Common Vulnerabilities and Exposures entry). Additionally, 16% of engineering workstations are susceptible to at least one weaponized CVE that was published more than 18 months ago. These unpatched flaws leave engineering workstations highly exposed to cyberattacks.

Uninterruptible Power Supplies (UPS) are another type of device that has experienced a significant number of attack attempts. Although they are critical for ensuring continuity in the event of a power outage, 60% of UPS devices have at least one unpatched critical-severity CVE. This puts both the devices themselves and other assets connected to them at risk of physical damage.

Programmable Logic Controllers (PLCs) are also identified as high-risk devices, with 41% of them having at least one unpatched critical-severity CVE. PLCs are of great importance because they control essential operations in industrial environments. However, the research highlights that these legacy devices carry high-risk factors such as end-of-support hardware and end-of-support firmware.

In addition to the above devices, a set of other devices pose risks to manufacturing, transportation, and utilities environments. For example, 85% of barcode readers, 32% of industrial managed switches, 28% of IP cameras, and 10% of printers have at least one weaponized CVE published before January 2022.

The complexity of OT industries, characterized by multiple locations, numerous production lines, and complex distribution lines, leads to a vast number of both managed and unmanaged devices on their networks. Understanding the sources of risk and the necessary remediation presents a significant challenge for vulnerability management in these industries. This challenge also creates an entry point for malicious actors to exploit.

To address these challenges, Nadir Izrael, CTO and co-founder of Armis, emphasizes the need for professionals to have an understanding of all assets on their network and additional intelligence on the activities of those devices. This contextual data will enable teams to prioritize the remediation of critical and weaponized vulnerabilities and reduce the attack surface more rapidly.

Furthermore, the research highlights the need for collaboration between OT and IT teams. While the convergence of OT and IT has brought about significant changes in the industrial landscape, unified management of both environments is yet to be fully realized. OT teams are primarily focused on maintaining industrial control systems and mitigating risks within operational environments, leaving certain IT-focused duties unattended. The data also reveals that four out of the five riskiest devices run Windows operating systems, indicating the ongoing challenge for both IT and OT teams to understand asset risks and secure vulnerable assets.

Armis recommends implementing a risk-based approach to vulnerability management in collaboration with OT and IT departments. This cross-departmental coordination will streamline processes and resource management and help achieve greater compliance and data security. To facilitate this, Armis offers the Armis Unified Asset Intelligence Platform, which can discover all connected assets, map out their communications and relationships, and provide contextual intelligence to assess the risk they pose to the business. The platform is designed to protect both OT and IT environments, leveraging machine learning and artificial intelligence to detect anomalies and trigger automated responses for easier management of the overall attack surface.

In conclusion, the research conducted by Armis brings attention to the riskiest devices in critical infrastructure industries. The findings underscore the need for proactive vulnerability management, collaboration between OT and IT teams, and the implementation of comprehensive security solutions to protect against cyber threats in the evolving industrial landscape.
