Armis, a cybersecurity company, has recently released new research that identifies the riskiest connected assets that pose threats to global businesses. The findings of the research highlight the risks that organizations face from various connected assets across different device classes. This emphasizes the need for organizations to have a comprehensive security strategy in place to protect their entire attack surface in real-time.
According to Nadir Izrael, the CTO and Co-Founder of Armis, it is crucial to educate global businesses about the evolving and increased risks introduced to their attack surface through managed and unmanaged assets. This knowledge is essential for organizations to defend against malicious cyberattacks. Without such awareness, business, security, and IT leaders are left vulnerable to blind spots that can be exploited by bad actors.
Using their Armis Asset Intelligence Engine, the researchers at Armis analyzed the connected assets with the most attack attempts, weaponized Common Vulnerabilities and Exposures (CVEs), and high-risk ratings to determine the riskiest assets.
The research revealed that the top 10 asset types with the highest number of attack attempts were distributed across different classifications, including IT, OT, IoT, IoMT, IoPT, and BMS. This indicates that attackers are more concerned about gaining access to assets rather than the specific type of asset. Therefore, security teams must consider all physical and virtual assets as part of their security strategy.
The top 10 device types with the highest number of attack attempts include engineering workstations (OT), imaging workstations (IoMT), media players (IoT), personal computers (IT), virtual machines (IT), uninterruptible power supply (UPS) devices (BMS), servers (IT), media writers (IoMT), tablets (IoPT), and mobile phones (IoPT).
Tom Gol, the CTO of Research at Armis, explained that these assets are intentionally targeted by malicious actors because they are externally accessible and have an expansive attack surface. Moreover, these assets often have known weaponized CVEs, making them attractive targets. For example, engineering workstations can have connections to controllers in a factory, imaging workstations gather private patient data from hospitals, and UPSs can serve as access points to critical infrastructure. Therefore, IT leaders should prioritize asset intelligence cybersecurity and apply necessary patches to mitigate these risks.
The research also highlighted a significant number of network-connected assets that are susceptible to unpatched, weaponized CVEs. These vulnerabilities were published before January 2022. Armis found that many assets of each type had these vulnerabilities between August 2022 and July 2023. This introduces significant risk to businesses if these assets remain unpatched.
Furthermore, the researchers at Armis examined asset types with the most common high-risk factors. They found that many physical devices on the list, such as servers and Programmable Logic Controllers (PLCs), run end-of-life (EOL) or end-of-support (EOS) operating systems. Although these assets are nearing the end of their functional life, they are still in use, making them vulnerable. Additionally, some assets, like personal computers, continue to use SMBv1, a legacy and unencrypted protocol that has been targeted in previous cyberattacks. Alarmingly, 74% of organizations still have at least one asset in their network that is vulnerable to the SMBv1 vulnerability known as EternalBlue.
Many assets on the list also exhibited high vulnerability scores, had threats detected, were flagged for unencrypted traffic, or were impacted by vulnerabilities like CDPwn, which affects network infrastructure and VoIPs. Additionally, it was found that half of pneumatic tube systems had an unsafe software update mechanism.
In conclusion, Armis’ research has highlighted the riskiest connected assets that threaten global businesses. It is crucial for organizations to have a comprehensive security strategy that takes into account all physical and virtual assets. This strategy should prioritize asset intelligence cybersecurity and include necessary patches to mitigate risks from weaponized CVEs and other vulnerabilities. By doing so, organizations can better defend against malicious cyberattacks and protect their valuable data.