Armis Identifies the Riskiest Assets Introducing Threats to Global Businesses
5.9.2023 16:00:00 EEST | Business Wire | Press release
Armis, the leading asset visibility and security company, today released new research identifying the riskiest connected assets posing threats to global businesses. Findings highlight risk being introduced to organizations through a variety of connected assets across device classes, emphasizing a need for a comprehensive security strategy to protect an organization’s entire attack surface in real-time.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230905844605/en/
Source: Data from the Armis Asset Intelligence Engine collected between August 2022 and July 2023.
“Continuing to educate global businesses about the evolving and increased risk being introduced to their attack surface through managed and unmanaged assets is a key mission of ours,” said Nadir Izrael, CTO and Co-Founder of Armis. “This intelligence is crucial to helping organizations defend against malicious cyberattacks. Without it, business, security and IT leaders are in the dark, vulnerable to blind spots that bad actors will seek to exploit.”
Armis’ research, analyzed from the Armis Asset Intelligence Engine, focuses on connected assets with the most attack attempts, weaponized Common Vulnerabilities and Exposures (CVEs) and high-risk ratings to determine the riskiest assets.
Assets With The Highest Number of Attack Attempts
Armis found the top 10 asset types with the highest number of attack attempts were distributed across asset types: IT, OT, IoT, IoMT, Internet of Personal Things (IoPT) and Building Management Systems (BMS). This demonstrates that attackers care more about their potential access to assets rather than the type, reinforcing the need for security teams to account for all physical and virtual assets as part of their security strategy.
Top 10 device types with the highest number of attack attempts:
- Engineering workstations (OT)
- Imaging workstations (IoMT)
- Media players (IoT)
- Personal computers (IT)
- Virtual machines (IT)
- Uninterruptible power supply (UPS) devices (BMS)
- Servers (IT)
- Media writers (IoMT)
- Tablets (IoPT)
- Mobile phones (IoPT)
“Malicious actors are intentionally targeting these assets because they are externally accessible, have an expansive and intricate attack surface and known weaponized CVEs,” said Tom Gol, CTO of Research at Armis. “The potential impact of breaching these assets on businesses and their customers is also a critical factor when it comes to why these have the highest number of attack attempts. Engineering workstations can be connected to all controllers in a factory, imaging workstations will collect private patient data from hospitals and UPSs can serve as an access point to critical infrastructure entities, making all of these attractive targets for malicious actors with varying agendas, like deploying ransomware or causing destruction to society in the case of nation-state attacks. IT leaders need to prioritize asset intelligence cybersecurity and apply patches to mitigate this risk.”
Assets With Unpatched, Weaponized CVEs Vulnerable to Exploitation
Researchers identified a significant number of network-connected assets susceptible to unpatched, weaponized CVEs published before 1/1/2022. Zooming in on the highest percentage of devices of each type that had these CVEs between August 2022 and July 2023, Armis identified the list reflected in Figure A. Unpatched, these assets introduce significant risk to businesses.
Assets with a High-Risk Rating
Armis also examined asset types with the most common high-risk factors:
- Many physical devices on the list that take a long time to replace, such as servers and Programmable Logic Controllers (PLCs), run end-of-life (EOL) or end-of-support (EOS) operating systems. EOL assets are nearing the end of functional life but are still in use, while EOS assets are no longer actively supported or patched for vulnerabilities and security issues by the manufacturer.
- Some assets, including personal computers, demonstrated SMBv1 usage. SMBv1 is a legacy, unencrypted and complicated protocol with vulnerabilities that have been targeted in the infamous Wannacry and NotPetya attacks. Security experts have advised organizations to stop using it completely. Armis found that 74% of organizations today still have at least one asset in their network vulnerable to EternalBlue – an SMBv1 vulnerability.
- Many assets identified in the list exhibited high vulnerability scores, have had threats detected, have been flagged for unencrypted traffic or still have the CDPwn vulnerabilities impacting network infrastructure and VoIPs.
- Half (50%) of pneumatic tube systems were found to have an unsafe software update mechanism.
Additional research from Armis is available on the riskiest OT and ICS devices across critical infrastructure industries as well as the riskiest medical and IoT devices in clinical environments.
Learn more about Armis at www.armis.com.
About Armis
Armis, the leading asset visibility and security company, provides the industry’s first unified asset intelligence platform designed to address the new extended attack surface that connected assets create. Fortune 100 companies trust our real-time and continuous protection to see with full context all managed, unmanaged assets across IT, cloud, IoT devices, medical devices (IoMT), operational technology (OT), industrial control systems (ICS), and 5G. Armis provides passive cyber asset management, risk management, and automated enforcement. Armis is a privately held company and headquartered in California.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230905844605/en/
Contact information
Rebecca Cradick
Senior Director, Global Communications
Armis
pr@armis.com
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Axelspace’s Seven GRUS-3 Earth Observation Microsatellites Successfully Launched and First Signals Received8.7.2026 08:00:00 EEST | Press release
Axelspace Corporation (“Axelspace”), a leading developer and operator of microsatellites dedicated to realizing its vision of “Space within Your Reach,” announced that the seven GRUS-3 next-generation Earth observation microsatellites were successfully launched and that the first radio signals were successfully received. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260707291751/en/ The successful launch of Falcon 9 ©SpaceX GRUS-3 was integrated via Exolaunch and launched aboard a SpaceX Falcon 9 rocket from Vandenberg Space Force Base in California, USA, on July 7, 2026 at 07:12 (UTC) during the Transporter-17 rideshare mission. The satellites were successfully put into their intended orbit. Axelspace received the first radio signals from all the seven satellites in orbit. The satellites are currently operating normally. Axelspace is working toward completing the critical operation of the GRUS-3 microsatellite to ensure pr
QpiAI Open-Sources Its Quantum SDK to Accelerate Global Quantum Software Development8.7.2026 07:30:00 EEST | Press release
QpiAI, a globally leading full-stack quantum computing company, today released the QpiAI Quantum SDK as open-source software. Available now at https://github.com/qpiai/quantum-sdk, the QpiAI Quantum SDK gives developers, researchers, and startups an accessible, developer-friendly toolkit to build and run quantum algorithms and to connect their quantum development workflows directly to QpiAI's 8-qubit and 25-qubit quantum computers through QpiAI-QCloud (https://qcloud.qpiai.tech/). The release is designed to expand access to quantum software development for developers, researchers, universities, startups, and enterprise innovation teams worldwide. By open-sourcing the SDK, QpiAI is giving the global quantum community a practical foundation for building industry-specific quantum solutions across finance, logistics, materials, chemistry, security, AI, optimization, and advanced scientific computing. The QpiAI Quantum SDK provides a Python-based interface for circuit creation, simulation,
Access Advance Welcomes Wave of New Licensees to the HEVC Advance Patent Pool8.7.2026 03:00:00 EEST | Press release
Access Advance LLC, the leading HEVC patent pool administrator, today announced a significant expansion of the HEVC Advance Patent Pool, with 28 companies executing licenses in the first half of 2026. The new Licensees span consumer electronics, automotive, telecommunications, industrial technology, and professional security, reflecting the breadth of industries in which HEVC has become a foundational video technology. "HEVC remains the cornerstone of modern video delivery, and the demand we are seeing from new Licensees speaks to the long-term commercial relevance of this technology," said Peter Moller, CEO of Access Advance. "HEVC licensing activity has been consistently strong, and we are pleased to welcome a number of important new participants to the program." Notably, nine video surveillance equipment manufacturers have joined the HEVC Advance program as Licensees, ranging from three of the world's largest video surveillance equipment makers to specialized developers of security
Empire State Building Observation Deck Run-Up Returns for 48 th Annual Race on Oct. 68.7.2026 01:22:00 EEST | Press release
The Empire State Building Observation Deck (ESB), atop the “World’s Most Famous Building,” today announced that general lottery registration is open for this year's Empire State Building Observation Deck Run-Up (ESBRU), which will run through July 20, 2026. The annual race, presented by NYU Langone Health and powered by Merrell, will take place on Oct. 6, 2026, at 8 p.m. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260707902561/en/ Empire State Building Observation Deck Run-Up Returns for 48th Annual Race on Oct. 6 This year’s race marks the 48th anniversary of the event, in which 225 runners will race up 1,576 stairs of the iconic New York City landmark to reach the world-famous 86th Floor Observation Deck. “Every year, the Empire State Building Observation Deck Run-Up is a remarkable feat for all who participate as they race up to Tripadvisor's #1 top attraction in the U.S.,” said Tony Malkin, chairman and CEO of the Emp
Modon's Hudayriyat Golf Estates Sets UAE Record With More Than AED 13 Billion in Sales Within Days of Launch7.7.2026 21:36:00 EEST | Press release
Modon has set a new benchmark for the UAE real estate market with the launch of Hudayriyat Golf Estates on Hudayriyat Island, Abu Dhabi. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260707126559/en/ Modon's Hudayriyat Golf Estates sets UAE record with more than AED 13 billion in sales within days of launch (Photo: AETOSWire) Within days of launch, the community achieved record-breaking sales exceeding AED 13 billion, marking the highest publicly recorded sales value for a single residential project launch in the UAE. Comprising an exclusive collection of golf mansions, villas, and townhouses, the development saw 1,700 of its residences sold after few days of launch. The response from buyers and investors reflects confidence in Abu Dhabi’s real estate market and Modon’s development vision, while reinforcing Hudayriyat Island’s position as a premier lifestyle destination. Designed around privacy, wellbeing and premium living
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
