Armis Identifies the Riskiest Assets Introducing Threats to Global Businesses
Armis, the leading asset visibility and security company, today released new research identifying the riskiest connected assets posing threats to global businesses. Findings highlight risk being introduced to organizations through a variety of connected assets across device classes, emphasizing a need for a comprehensive security strategy to protect an organization’s entire attack surface in real-time.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230905844605/en/
Source: Data from the Armis Asset Intelligence Engine collected between August 2022 and July 2023.
“Continuing to educate global businesses about the evolving and increased risk being introduced to their attack surface through managed and unmanaged assets is a key mission of ours,” said Nadir Izrael, CTO and Co-Founder of Armis. “This intelligence is crucial to helping organizations defend against malicious cyberattacks. Without it, business, security and IT leaders are in the dark, vulnerable to blind spots that bad actors will seek to exploit.”
Armis’ research, analyzed from the Armis Asset Intelligence Engine, focuses on connected assets with the most attack attempts, weaponized Common Vulnerabilities and Exposures (CVEs) and high-risk ratings to determine the riskiest assets.
Assets With The Highest Number of Attack Attempts
Armis found the top 10 asset types with the highest number of attack attempts were distributed across asset types: IT, OT, IoT, IoMT, Internet of Personal Things (IoPT) and Building Management Systems (BMS). This demonstrates that attackers care more about their potential access to assets rather than the type, reinforcing the need for security teams to account for all physical and virtual assets as part of their security strategy.
Top 10 device types with the highest number of attack attempts:
- Engineering workstations (OT)
- Imaging workstations (IoMT)
- Media players (IoT)
- Personal computers (IT)
- Virtual machines (IT)
- Uninterruptible power supply (UPS) devices (BMS)
- Servers (IT)
- Media writers (IoMT)
- Tablets (IoPT)
- Mobile phones (IoPT)
“Malicious actors are intentionally targeting these assets because they are externally accessible, have an expansive and intricate attack surface and known weaponized CVEs,” said Tom Gol, CTO of Research at Armis. “The potential impact of breaching these assets on businesses and their customers is also a critical factor when it comes to why these have the highest number of attack attempts. Engineering workstations can be connected to all controllers in a factory, imaging workstations will collect private patient data from hospitals and UPSs can serve as an access point to critical infrastructure entities, making all of these attractive targets for malicious actors with varying agendas, like deploying ransomware or causing destruction to society in the case of nation-state attacks. IT leaders need to prioritize asset intelligence cybersecurity and apply patches to mitigate this risk.”
Assets With Unpatched, Weaponized CVEs Vulnerable to Exploitation
Researchers identified a significant number of network-connected assets susceptible to unpatched, weaponized CVEs published before 1/1/2022. Zooming in on the highest percentage of devices of each type that had these CVEs between August 2022 and July 2023, Armis identified the list reflected in Figure A. Unpatched, these assets introduce significant risk to businesses.
Assets with a High-Risk Rating
Armis also examined asset types with the most common high-risk factors:
- Many physical devices on the list that take a long time to replace, such as servers and Programmable Logic Controllers (PLCs), run end-of-life (EOL) or end-of-support (EOS) operating systems. EOL assets are nearing the end of functional life but are still in use, while EOS assets are no longer actively supported or patched for vulnerabilities and security issues by the manufacturer.
- Some assets, including personal computers, demonstrated SMBv1 usage. SMBv1 is a legacy, unencrypted and complicated protocol with vulnerabilities that have been targeted in the infamous Wannacry and NotPetya attacks. Security experts have advised organizations to stop using it completely. Armis found that 74% of organizations today still have at least one asset in their network vulnerable to EternalBlue – an SMBv1 vulnerability.
- Many assets identified in the list exhibited high vulnerability scores, have had threats detected, have been flagged for unencrypted traffic or still have the CDPwn vulnerabilities impacting network infrastructure and VoIPs.
- Half (50%) of pneumatic tube systems were found to have an unsafe software update mechanism.
Additional research from Armis is available on the riskiest OT and ICS devices across critical infrastructure industries as well as the riskiest medical and IoT devices in clinical environments.
Learn more about Armis at www.armis.com.
Armis, the leading asset visibility and security company, provides the industry’s first unified asset intelligence platform designed to address the new extended attack surface that connected assets create. Fortune 100 companies trust our real-time and continuous protection to see with full context all managed, unmanaged assets across IT, cloud, IoT devices, medical devices (IoMT), operational technology (OT), industrial control systems (ICS), and 5G. Armis provides passive cyber asset management, risk management, and automated enforcement. Armis is a privately held company and headquartered in California.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
Senior Director, Global Communications
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Reibus International Announces CEO Transition29.11.2023 22:00:00 EET | Press release
Reibus International, the world’s largest online marketplace for metals, announces the appointment of Temy Mancusi-Ungaro as its new Interim Chief Executive Officer. The decision to bring Temy on board reflects a new era of investment in the company and Reibus’ continued commitment to driving innovation and growth in the metals industry. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20231129023580/en/ Temy Mancusi-Ungaro (Photo: Business Wire) With over 17 years of experience in the B2B Software industry, Temy is a seasoned operator who brings a proven track record of scaling innovative B2B companies, including Reachdesk, Electric, Yext, and CityGrid. He most recently held the position of CEO at Reachdesk, where his acumen for navigating the complexities of scaling a business led the company to be named among the top 100 fastest-growing products, according to G2, for three years in a row. "We are thrilled to welcome Temy to t
Tongxin Micro Making a Splash at TRUSTECH, and Unveiling the World’s First eSIM Solution Tailored for Smart POS Systems29.11.2023 20:00:00 EET | Press release
November 28th marks the grand opening of TRUSTECH 2023 in Paris, France. Tongxin Micro, an industry-leading semiconductor solution provider, makes an impressive debut, showcasing its technological advancements in identity recognition, telecommunications, and financial payments. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20231129462718/en/ (Photo: Business Wire) In the realm of identity recognition, Tongxin Micro brings its document chip solutions in compliance with international ICAO standards that boast the highest security levels globally, catering to such applications as seafarer’s passport and official passport. In telecommunications, a full array of products and terminal applications are displayed, including standard SIM, SWP-SIM, digital car keys based on SWP-SIM, and eSIM wearable devices. In the payment sector, Tongxin Micro’s innovative payment technologies draw significant attention, ranging from chip application
Gillette Gaming launches new creative concept, Hit Reset with Gillette, to encourage and inspire gamers and fans worldwide29.11.2023 19:15:00 EET | Press release
For over ten years, GilletteTM, the world’s largest male grooming company, has been helping gamers look and play their best, whether it be for gaming or everyday life. This year, Gillette is refreshing its approach and creating a new era of gaming with its newest campaign, “Hit Reset with Gillette” – encouraging the gaming community to hit reset after a night of gaming, come back a better player and look sharp for the day with a fresh shave. Hitting “reset” is a universal term in gaming and works perfectly with grooming – inviting gamers and fans to start their day looking and feeling their best, to be their best and most confident, whether it be in gaming or whatever the day has ahead. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20231129843095/en/ (Graphic: Business Wire) To further inspire the gaming community, Gillette will leverage its Gillette Gaming Alliance to create “Hit Reset with Gillette” content and host branded
Kahuna Workforce Solutions Secures $21 Million in Series B Funding from Resolve Growth Partners to Advance Skills Management Technology for Frontline Workers29.11.2023 19:08:00 EET | Press release
Kahuna Workforce Solutions, the leading provider of operational skills and competency management software, today announced a $21 million Series B funding round led by Resolve Growth Partners. This investment marks a significant milestone in Kahuna’s growth journey and solidifies the criticality of skills management for industries with technical frontline workforces. As organizations navigate an ever-evolving and complex landscape, understanding, validating, and aligning workforce skills to strategic business objectives is central to operating at the highest level. Kahuna is at the forefront of skills management technology, equipping organizations with actionable skill insights for effective assessment, training and development, and staffing and deployment initiatives, ultimately enabling resilient operations, improved productivity, and a more competitive workforce. Kahuna’s customer base of leading Fortune 500 energy, manufacturing, and field service organizations, and world-renowned h
OPPSCIENCE Reaffirms Its Commitment to Public Security by Supporting the AGIR Meetings Sponsored by French National Gendarmerie29.11.2023 18:45:00 EET | Press release
OPPSCIENCE, a leader in Intelligence Analysis Management (IAM), reaffirms its support for public security by sponsoring the AGIR event. Following the introduction of its latest version of SPECTRA, a software dedicated to law enforcement, during Milipol Paris, OPPSCIENCE contributes to accelerating the initiatives of the National Gendarmerie on the seek of innovations. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20231129543708/en/ The encounters at AGIR supported by OPPSCIENCE (Photo: Business Wire) MEETINGS AT AGIR: UNDERSTANDING THE NEEDS OF THE GENDARMERIE FOR LAW ENFORCEMENT Strengthening the dialogue between law enforcement and the technology industry is the goal of the AGIR exhibition (Accompagnement par la Gendarmerie de l’Innovation, de l’Industrie et de la Recherche). Initiated by the innovation unit of the National Gendarmerie, this exhibition enables innovators in the Gendarmerie community, specialized units, proj
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.Visit our pressroom