Riskiest Assets Introducing Threats to Global Businesses

Explore Armis’ groundbreaking research revealing the evolving cybersecurity threats facing global businesses. Learn how proactive risk mitigation and asset intelligence are crucial for safeguarding organizations in the digital age.

Armis, the leading company specializing in asset visibility and security, has unveiled fresh research that identifies the riskiest connected assets posing threats to global businesses. The findings underscore the growing risk organizations face from a range of connected assets across various device categories, emphasizing the need for a comprehensive security strategy to safeguard an organization’s entire attack surface in real time.

Nadir Izrael, the CTO and Co-Founder of Armis, emphasized their mission of continually educating global businesses about the evolving and heightened risks introduced to their attack surfaces through both managed and unmanaged assets. He stressed that this intelligence is vital in enabling organizations to defend against malicious cyberattacks, preventing them from operating in the dark and being susceptible to exploitable blind spots.

Armis conducted their research by leveraging the Armis Asset Intelligence Engine, focusing on connected assets with the highest number of attack attempts, weaponized Common Vulnerabilities and Exposures (CVEs), and elevated risk ratings to identify the riskiest assets.

Assets With the Most Frequent Attack Attempts

Armis discovered that the top 10 asset types with the highest number of attack attempts encompassed various categories, including IT, OT, IoT, IoMT, Internet of Personal Things (IoPT), and Building Management Systems (BMS). This shows that attackers prioritize potential access to assets over their specific type, underscoring the need for security teams to consider all physical and virtual assets within their security strategies.

Top 10 Device Types With the Most Frequent Attack Attempts:

  1. Engineering workstations (OT)
  2. Imaging workstations (IoMT)
  3. Media players (IoT)
  4. Personal computers (IT)
  5. Virtual machines (IT)
  6. Uninterruptible power supply (UPS) devices (BMS)
  7. Servers (IT)
  8. Media writers (IoMT)
  9. Tablets (IoPT)
  10. Mobile phones (IoPT)

Tom Gol, CTO of Research at Armis, pointed out that malicious actors target these assets intentionally due to their external accessibility, extensive and intricate attack surfaces, and known weaponized CVEs. The potential impact of breaching these assets on businesses and their customers is a critical factor driving these high attack attempts. For instance, engineering workstations can connect to all controllers in a factory, imaging workstations gather private patient data from hospitals, and UPSs can serve as access points to critical infrastructure entities, making them attractive targets for malicious actors with various agendas, including ransomware deployment and nation-state attacks. IT leaders must prioritize asset intelligence cybersecurity and apply patches to mitigate these risks.

Assets Vulnerable to Exploitation Due to Unpatched, Weaponized CVEs

Researchers identified a significant number of network-connected assets susceptible to unpatched, weaponized CVEs published before January 1, 2022. Focusing on the highest percentage of devices of each type with these CVEs between August 2022 and July 2023, Armis identified a list of device types that introduce substantial risk to businesses when left unpatched.

Assets With High-Risk Ratings

Armis also examined asset types exhibiting common high-risk factors:

  • Many physical devices on the list are challenging to replace, such as servers and Programmable Logic Controllers (PLCs), which run end-of-life (EOL) or end-of-support (EOS) operating systems.
  • Some assets, including personal computers, still utilize the legacy, unencrypted, and vulnerable SMBv1 protocol, as seen in the WannaCry and NotPetya attacks.
  • Numerous assets on the list had high vulnerability scores, detected threats, unencrypted traffic, or were affected by CDPwn vulnerabilities impacting network infrastructure and VoIP systems.
  • Alarmingly, 50% of pneumatic tube systems were found to have an unsafe software update mechanism.

Armis’ groundbreaking research shines a spotlight on the ever-evolving landscape of cybersecurity threats facing global businesses. With the proliferation of connected assets across diverse categories, the need for a robust and dynamic security strategy has never been more evident. The insights provided by Armis underscore the critical importance of proactive risk mitigation and asset intelligence, enabling organizations to stay ahead of malicious actors seeking to exploit vulnerabilities. As we navigate an increasingly digital world, safeguarding our entire attack surface in real time remains paramount. Armis’ findings serve as a call to action for businesses to prioritize cybersecurity, patch vulnerabilities, and stay vigilant in the ongoing battle against cyber threats, ultimately ensuring the safety and resilience of our digital ecosystems.