Armis identifies risky assets posing threats to global businesses

Tom Gol of Armis

Armis, has released research, identifying risky assets posing threats to global businesses. Findings highlight risk being introduced to organisations through a variety of connected assets across device classes, emphasising a need for a comprehensive security strategy to protect an organisation’s entire attack surface in real-time.

“Continuing to educate global businesses about the evolving and increased risk being introduced to their attack surface through managed and unmanaged assets is a key mission of ours. This intelligence is crucial to helping organisations defend against malicious cyberattacks. Without it, business, security and IT leaders are in the dark, vulnerable to blind spots that bad actors will seek to exploit.” says Nadir Izrael, CTO and co-founder of Armis.

Armis’ research, analysed from Armis Asset Intelligence Engine, focuses on connected assets with more attack attempts, weaponised common vulnerabilities and exposures (CVEs) and high risk ratings to determine risky assets.

Assets with considerable number of attack attempts

Armis found 10 asset types with high number of attack attempts were distributed across asset types: IT (information technology), OT (operational technology), IoT (internet of things), IoMT (internet of medical things), internet of personal things (IoPT) and building management systems (BMS). This demonstrates that attackers care more about their potential access to assets rather than type, reinforcing need for security teams to account for all physical and virtual assets as part of their security strategy.

Top 10 device types with high number of attack attempts:

  • Engineering workstations (OT)
  • Imaging workstations (IoMT)
  • Media players (IoT)
  • Personal computers (IT)
  • Virtual machines (IT)
  • Uninterruptible power supply (UPS) devices (BMS)
  • Servers (IT)
  • Media writers (IoMT)
  • Tablets (IoPT)
  • Mobile phones (IoPT)

“Malicious actors are intentionally targeting these assets because they are externally accessible, have an expansive and intricate attack surface and known weaponised CVEs. The potential impact of breaching these assets on businesses and their customers is also a critical factor when it comes to why these have the highest number of attack attempts. Engineering workstations can be connected to all controllers in a factory, imaging workstations will collect private patient data from hospitals and UPSs can serve as an access point to critical infrastructure entities, making all of these attractive targets for malicious actors with varying agendas, like deploying ransomware or causing destruction to society in the case of nation-state attacks. IT leaders need to prioritise asset intelligence cybersecurity and apply patches to mitigate this risk.” says Tom Gol, CTO of research at Armis.

Assets with unpatched, weaponised CVEs vulnerable to exploitation

Researchers identified a number of network-connected assets susceptible to unpatched, weaponised CVEs published before 1/1/2022. Zooming in on the high percentage of devices of each type that had these CVEs between August 2022 and July 2023, Armis identified list reflected in Figure A. Unpatched, these assets introduce risk to businesses.

Assets with a high risk rating

Armis also examined asset types with the most common high-risk factors:

  • Many physical devices on list that take a long time to replace, such as servers and programmable logic controllers (PLCs), run end-of-life (EOL) or end-of-support (EOS) operating systems. EOL assets are nearing end of functional life but are still in use, while EOS assets are no longer actively supported or patched for vulnerabilities and security issues by manufacturer.
  • Some assets, including personal computers, demonstrated SMBv1 usage. SMBv1 is a legacy, unencrypted and complicated protocol with vulnerabilities that have been targeted in infamous Wannacry and NotPetya attacks. Security experts have advised organisations to stop using it completely. Armis found that 74% of organisations still have at least one asset in their network vulnerable to EternalBlue, an SMBv1 vulnerability.
  • Many assets identified in list exhibited high vulnerability scores, have had threats detected, have been flagged for unencrypted traffic or still have CDPwn vulnerabilities impacting network infrastructure and VoIPs.
  • Half of pneumatic tube systems were found to have an unsafe software update mechanism.

Additional research from Armis is available on risky OT and ICS devices across critical infrastructure industries as well as the risky medical and IoT devices in clinical environments

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES
close up small cars model road traffic conception

Carson City upgrades to Iteris’ advanced Vantage Apex sensors

Posted on: April 26, 2024

Iteris has announced that Carson City, Nevada has chosen to upgrade the city’s intersection detection sensors to Iteris’ Vantage Apex hybrid sensors.

Read more

Make the Intelligent Choice: Embed X103 in Smart City Outdoor Devices

Posted on: April 25, 2024

The adage “less is more” is the current state of digital transformation, starting with existing technology that has already proven successful – and then further adapting and streamlining. The “smart

Read more
FEATURED IoT STORIES
What is IoT answer

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This

Read more
iot adoption

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way

Read more
IoT Now Enterprise Buyers’ Guide Which IoT Platform 2021

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT

Read more
CAT-M1 vs NB-IoT

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more
internet of things isometric illustration of connected things

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for

Read more
iot challenges and issues

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into

Read more