Armis Report Highlights Top Ten Assets Targeted by Threat Actors

Highlights:

• Some assets, including personal computers, were discovered to use SMBv1, an old, convoluted, unencrypted protocol that has been the focus of the WannaCry and NotPetya attacks.
• According to research by Armis, 74% of enterprises still have at least one network asset susceptible to EternalBlue, another SMBv1 vulnerability.

Asset visibility and security provider Armis Inc. put forth new research highlighting the most risky connected assets that cause hazards to international enterprises.

To identify the riskiest assets, research based on Armis Asset Intelligence Engine data focuses on connected assets with the most attack attempts, weaponized Common Vulnerabilities and Exposures, and high-risk ratings. According to the research, information technology, operational technology, the Internet of Things, the Internet of Medical Things, the Internet of Personal Things, and building management systems were among the top ten asset types with the most significant number of attacks.

Engineering workstations topped the list with the highest number of attack attempts, followed by imaging workstations, media players, personal computers, and virtual machines, showing that attackers are more concerned about their possible access to assets than the type of asset. Uninterruptible power supply units, servers, media producers, tablets, and cell phones completed the top ten.

A sizable number of network-connected assets were found by the Armis researchers to be exposed to unpatched, weaponized CVEs published before January 1, 2022. 62% of IoMT media writers were vulnerable, followed by 26% of infusion devices, 26% of internet protocol cameras, 25% of media players, and 18% of switches.

Armis also looked at asset types with the most prevalent high-risk variables. The company discovered that many physical devices on the list, including servers and programmable logic controllers, take a while to replace since they frequently run out of support or end-of-life operating systems. In addition to finding assets that were no longer being actively supported or patched for security flaws and vulnerabilities, it was also discovered that assets close to the end of their useful lives were still in use.

Some assets, including personal computers, were discovered to use SMBv1, an old, convoluted, unencrypted protocol that has been the focus of the WannaCry and NotPetya attacks. According to research by Armis, 74% of enterprises still have at least one network asset susceptible to EternalBlue, another SMBv1 vulnerability.

Numerous assets discovered had high vulnerability scores, threats, unencrypted traffic, or CDPwn vulnerabilities affecting VoIP and network infrastructure.

Tom Gol, Chief Technology Officer of Research at Armis Engineering, said, “The potential impact of breaching these assets on businesses and their customers is also a critical factor regarding why these have the highest number of attack attempts. Engineering workstations can be connected to all controllers in a factory, imaging workstations will collect private patient data from hospitals, and UPSs can serve as an access point to critical infrastructure entities, making all of these attractive targets for malicious actors with varying agendas, like deploying ransomware or causing destruction to society in the case of nation-state attacks. IT leaders need to prioritize asset intelligence cybersecurity and apply patches to mitigate this risk.”