A new report released today by asset visibility and security company Armis Inc. has identified the riskiest connected assets posing threats to global businesses.

Based on data from the Armis Asset Intelligence Engine, the findings focus on connected assets with the most attack attempts, weaponized Common Vulnerabilities and Exposures, and high-risk ratings to determine the riskiest assets. The report finds that the top 10 asset types with the highest number of attacks were distributed across information technology, operational technology, the internet of things, the internet of medical things, the internet of personal things and building management systems.

Demonstrating that attackers care more about their potential access to assets rather than the type, topping the list with the highest number of attack attempts were engineering workstations, followed by imaging workstations, media players, personal computers and virtual machines. Rounding out the top 10 were uninterruptible power supply devices, servers, media writers, tablets and mobile phones.

The Armis researchers identified a significant number of network-connected assets vulnerable to unpatched, weaponized CVEs published before Jan. 1, 2022. Some 62% of media writers in IoMT were found to be susceptible, followed by infusion pumps and internet protocol cameras at 26% each, media players at 25% and switches at 18%.

Armis also studied asset types with the most common high-risk factors, finding that many physical devices on the list take a long time to replace, such as servers and programmable logic controllers, which were often found to be running end-of-life or end-of-support operating systems. Assets nearing the end of their functional life were still in use, while other assets that are no longer actively supported or patched for vulnerabilities and security issues were also found.

Some assets, such as personal computers, were found to use SMBv1, a legacy, unencrypted and complicated protocol with vulnerabilities that have been targeted in the WannaCry and NotPetya attacks. Armis found that 74% of organizations today still have at least one asset in their network vulnerable to EternalBlue – another SMBv1 vulnerability.

Many assets identified were found to have high vulnerability scores, have had threats detected, have been flagged for unencrypted traffic, or still have the CDPwn vulnerabilities affecting network infrastructure and VoIP.

“The potential impact of breaching these assets on businesses and their customers is also a critical factor when it comes to why these have the highest number of attack attempts,” said Tom Gol, chief technology officer of Research at Armis Engineering. “Engineering workstations can be connected to all controllers in a factory, imaging workstations will collect private patient data from hospitals and UPSs can serve as an access point to critical infrastructure entities, making all of these attractive targets for malicious actors with varying agendas, like deploying ransomware or causing destruction to society in the case of nation-state attacks. IT leaders need to prioritize asset intelligence cybersecurity and apply patches to mitigate this risk.”

Image: Armis