UPDATED 09:00 EDT / SEPTEMBER 05 2023

SECURITY

Armis report sheds light on top 10 targeted assets by cyberattackers

A new report released today by asset visibility and security company Armis Inc. has identified the riskiest connected assets posing threats to global businesses.

Based on data from the Armis Asset Intelligence Engine, the findings focus on connected assets with the most attack attempts, weaponized Common Vulnerabilities and Exposures, and high-risk ratings to determine the riskiest assets. The report finds that the top 10 asset types with the highest number of attacks were distributed across information technology, operational technology, the internet of things, the internet of medical things, the internet of personal things and building management systems.

Demonstrating that attackers care more about their potential access to assets rather than the type, topping the list with the highest number of attack attempts were engineering workstations, followed by imaging workstations, media players, personal computers and virtual machines. Rounding out the top 10 were uninterruptible power supply devices, servers, media writers, tablets and mobile phones.

The Armis researchers identified a significant number of network-connected assets vulnerable to unpatched, weaponized CVEs published before Jan. 1, 2022. Some 62% of media writers in IoMT were found to be susceptible, followed by infusion pumps and internet protocol cameras at 26% each, media players at 25% and switches at 18%.

Armis also studied asset types with the most common high-risk factors, finding that many physical devices on the list take a long time to replace, such as servers and programmable logic controllers, which were often found to be running end-of-life or end-of-support operating systems. Assets nearing the end of their functional life were still in use, while other assets that are no longer actively supported or patched for vulnerabilities and security issues were also found.

Some assets, such as personal computers, were found to use SMBv1, a legacy, unencrypted and complicated protocol with vulnerabilities that have been targeted in the WannaCry and NotPetya attacks. Armis found that 74% of organizations today still have at least one asset in their network vulnerable to EternalBlue – another SMBv1 vulnerability.

Many assets identified were found to have high vulnerability scores, have had threats detected, have been flagged for unencrypted traffic, or still have the CDPwn vulnerabilities affecting network infrastructure and VoIP.

“The potential impact of breaching these assets on businesses and their customers is also a critical factor when it comes to why these have the highest number of attack attempts,” said Tom Gol, chief technology officer of Research at Armis Engineering. “Engineering workstations can be connected to all controllers in a factory, imaging workstations will collect private patient data from hospitals and UPSs can serve as an access point to critical infrastructure entities, making all of these attractive targets for malicious actors with varying agendas, like deploying ransomware or causing destruction to society in the case of nation-state attacks. IT leaders need to prioritize asset intelligence cybersecurity and apply patches to mitigate this risk.”

Image: Armis

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU