Phones, tablets and workstations with unpatched CVEs are a clear and present danger. New Armis study lists the most vulnerable.
Asset visibility and security company Armis identified connected assets posing the greatest risks to global enterprise. Armis’ new research, based on analysis from its Asset Intelligence Engine, focused on connected assets with the most attack attempts, weaponized common vulnerabilities and exposures and other high-risk factors.
The top 10 asset types with the highest number of attack attempts were distributed across IT, operational technology, the Internet of Things, the Internet of Medical Things, the Internet of Personal Things and building management systems.
SEE: Securing IoT with Microsoft Defender for IoT sensors (TechRepublic)
Armis reported that the devices with the highest number of attack attempts were:
The research reiterates findings in June this year about the most at-risk devices by the firm’s Asset Intelligence and Security Platform, which tracks over 3 billion assets according to Armis.
In that research, Armis found critical vulnerabilities in engineering workstations, supervisory control and data acquisition servers, automation servers, control system historians and programmable logic controllers, which are also the most vulnerable OT and industrial control systems.
“Malicious actors are intentionally targeting these assets because they are externally accessible, have an expansive and intricate attack surface and known weaponized CVEs,” said Tom Gol, CTO of research at Armis.
Gol said in a statement that these assets are attractive for attackers because they can wreak havoc across multiple systems.
SEE: Armis and Honeywell uncover vulnerabilities in Honeywell Systems (TechRepublic)
“Engineering workstations can be connected to all controllers in a factory, imaging workstations will collect private patient data from hospitals and UPSs can serve as an access point to critical infrastructure entities, making all of these attractive targets for malicious actors with varying agendas, like deploying ransomware or causing destruction to society in the case of nation-state attacks,” Gol said, adding that defenders should improve visibility of these assets and patch vulnerabilities (Figure A).
Figure A
The Armis researchers found a number of asset types with common high-risk factors:
Armis said it found that 74% of organizations today still have at least one asset in their network vulnerable to EternalBlue exploited by NotPetya to gain initial access before using credential theft for privilege escalation.
“Continuing to educate global businesses about the evolving and increased risk being introduced to their attack surface through managed and unmanaged assets is a key mission of ours,” said Nadir Izrael, CTO and cofounder of Armis. “This intelligence is crucial to helping organizations defend against malicious cyberattacks. Without it, business, security and IT leaders are in the dark, vulnerable to blind spots that bad actors will seek to exploit.”
Karl is a lead writer on cloud security for TechRepublic, specializing in enterprise security risks, strategies, products, threats, trends and technologies for securing organizations. After graduating from Florida State University, he worked for the Tampa Tribune, and radio and TV stations in Tallahassee before moving to Boulder, Colorado. After receiving an MFA in dramatic writing from Brooklyn College he became a journalist and wrote for several years for publications covering the automotive, industrial chemical, internet tech and consumer marketing verticals. He has written for Adweek, Brandweek, The Chemical Market Reporter and MediaPost, and was also the public affairs officer at the NYU Tandon School of Engineering for six years prior to coming to TA.
