Armis Identifies the Riskiest Assets Introducing Threats to Global Businesses
Armis, the leading asset visibility and security company, today released new research identifying the riskiest connected assets posing threats to global businesses. Findings highlight risk being introduced to organizations through a variety of connected assets across device classes, emphasizing a need for a comprehensive security strategy to protect an organization’s entire attack surface in real-time.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230905844605/en/
Source: Data from the Armis Asset Intelligence Engine collected between August 2022 and July 2023.
“Continuing to educate global businesses about the evolving and increased risk being introduced to their attack surface through managed and unmanaged assets is a key mission of ours,” said Nadir Izrael, CTO and Co-Founder of Armis. “This intelligence is crucial to helping organizations defend against malicious cyberattacks. Without it, business, security and IT leaders are in the dark, vulnerable to blind spots that bad actors will seek to exploit.”
Armis’ research, analyzed from the Armis Asset Intelligence Engine, focuses on connected assets with the most attack attempts, weaponized Common Vulnerabilities and Exposures (CVEs) and high-risk ratings to determine the riskiest assets.
Assets With The Highest Number of Attack Attempts
Armis found the top 10 asset types with the highest number of attack attempts were distributed across asset types: IT, OT, IoT, IoMT, Internet of Personal Things (IoPT) and Building Management Systems (BMS). This demonstrates that attackers care more about their potential access to assets rather than the type, reinforcing the need for security teams to account for all physical and virtual assets as part of their security strategy.
Top 10 device types with the highest number of attack attempts:
- Engineering workstations (OT)
- Imaging workstations (IoMT)
- Media players (IoT)
- Personal computers (IT)
- Virtual machines (IT)
- Uninterruptible power supply (UPS) devices (BMS)
- Servers (IT)
- Media writers (IoMT)
- Tablets (IoPT)
- Mobile phones (IoPT)
“Malicious actors are intentionally targeting these assets because they are externally accessible, have an expansive and intricate attack surface and known weaponized CVEs,” said Tom Gol, CTO of Research at Armis. “The potential impact of breaching these assets on businesses and their customers is also a critical factor when it comes to why these have the highest number of attack attempts. Engineering workstations can be connected to all controllers in a factory, imaging workstations will collect private patient data from hospitals and UPSs can serve as an access point to critical infrastructure entities, making all of these attractive targets for malicious actors with varying agendas, like deploying ransomware or causing destruction to society in the case of nation-state attacks. IT leaders need to prioritize asset intelligence cybersecurity and apply patches to mitigate this risk.”
Assets With Unpatched, Weaponized CVEs Vulnerable to Exploitation
Researchers identified a significant number of network-connected assets susceptible to unpatched, weaponized CVEs published before 1/1/2022. Zooming in on the highest percentage of devices of each type that had these CVEs between August 2022 and July 2023, Armis identified the list reflected in Figure A. Unpatched, these assets introduce significant risk to businesses.
Assets with a High-Risk Rating
Armis also examined asset types with the most common high-risk factors:
- Many physical devices on the list that take a long time to replace, such as servers and Programmable Logic Controllers (PLCs), run end-of-life (EOL) or end-of-support (EOS) operating systems. EOL assets are nearing the end of functional life but are still in use, while EOS assets are no longer actively supported or patched for vulnerabilities and security issues by the manufacturer.
- Some assets, including personal computers, demonstrated SMBv1 usage. SMBv1 is a legacy, unencrypted and complicated protocol with vulnerabilities that have been targeted in the infamous Wannacry and NotPetya attacks. Security experts have advised organizations to stop using it completely. Armis found that 74% of organizations today still have at least one asset in their network vulnerable to EternalBlue – an SMBv1 vulnerability.
- Many assets identified in the list exhibited high vulnerability scores, have had threats detected, have been flagged for unencrypted traffic or still have the CDPwn vulnerabilities impacting network infrastructure and VoIPs.
- Half (50%) of pneumatic tube systems were found to have an unsafe software update mechanism.
Additional research from Armis is available on the riskiest OT and ICS devices across critical infrastructure industries as well as the riskiest medical and IoT devices in clinical environments.
Learn more about Armis at www.armis.com.
About Armis
Armis, the leading asset visibility and security company, provides the industry’s first unified asset intelligence platform designed to address the new extended attack surface that connected assets create. Fortune 100 companies trust our real-time and continuous protection to see with full context all managed, unmanaged assets across IT, cloud, IoT devices, medical devices (IoMT), operational technology (OT), industrial control systems (ICS), and 5G. Armis provides passive cyber asset management, risk management, and automated enforcement. Armis is a privately held company and headquartered in California.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230905844605/en/
Contact information
Rebecca Cradick
Senior Director, Global Communications
Armis
pr@armis.com
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Bynder Kicks Off Peak Shopping Season by Serving a Record 6 Billion Assets - Powering Exceptional Global Content Experiences Online9.12.2024 17:07:00 EET | Press release
Bynder, a global leader in AI-powered enterprise DAM, has helped a number of global brands break Black Friday and Cyber Monday records by delivering exceptional content experiences at scale across a number of worldwide e-commerce channels. During the seven day period (November 27 - Dec 2 2024) which included Black Friday, Small Business Saturday, and Cyber Monday, Bynder’s Content Experiences (CX) for Omnichannel solution was responsible for serving more than 6 billion assets to over 70,000 websites, with more than 4.5 billion asset transformations undertaken. The figures represent a 15% increase in assets delivered vs 2023, plus 67% more assets were delivered through CX for Omnichannel on Black Friday than an average day in 2024. Customers such as Sur La Table, Bose, Raymour & Flanigan and Puma used CX for Omnichannel to deliver targeted and optimized content at scale to their digital channels over the busiest shopping days. Bynder customers were able to utilize the assets stored in t
NIQ, World Data Lab, and SPATE launch "Beauty Futures" Report - A guide to generational journeys of global beauty buyers9.12.2024 16:00:00 EET | Press release
NielsenIQ (NIQ) collaborated with World Data Lab and SPATE to release a comprehensive generational report purely focused on the beauty market in the next decade. The report reveals key insights into generational preferences, spending habits, values, priorities, motivators, shopping behaviors, and their influence on global beauty trends. It highlights the crucial role each generation will play in shaping consumer preferences and spending over the next decade. Millennials will be at the helm of this trend by driving nearly half of global beauty spend at US$ 193 Billion with Gen Z coming a close second at US$ 158 Billion. The global beauty industry is seeing unprecedented growth at US$ 1.1 Trillion, with a projected growth of US$ 700 Billion by 2034, of which Asia will be contributing US$ 310 Billion. Commenting on the findings, Claire Marty, Vice President, NIQ Beauty, said“At NIQ, we recognize that understanding generational differences is key to navigating the evolving beauty industry.
SLB adds AI-driven geosteering to its autonomous drilling solutions to achieve more efficient and productive wells9.12.2024 15:29:00 EET | Press release
Global energy technology company SLB (NYSE: SLB) introduces Neuro™ autonomous geosteering, which dynamically responds to subsurface complexities to drill more efficient, higher-performing wells, while reducing the carbon footprint of the drilling operations. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20241127402342/en/ Using AI, Neuro geosteering integrates and interprets complex real-time subsurface information to autonomously guide the drill bit through the most productive layer or “sweet spot” of the reservoir. (Photo: Business Wire) Using artificial intelligence (AI), Neuro geosteering integrates and interprets complex real-time subsurface information to autonomously guide the drill bit through the most productive layer or “sweet spot” of the reservoir. During conventional geosteering operations, geologists must manually interpret this data to identify a well target, update the well plan and trajectory, and communicate
Kinaxis Offers a Solution to Streamline Bel’s Supply Chain9.12.2024 14:00:00 EET | Press release
Bel Group, a major player in food through dairy, fruit and plant-based healthier eating portions, with iconic international brands such as The Laughing Cow®, Kiri®, Babybel®, Boursin®, Nurishh®, or GoGo squeeZ®, has partnered with Kinaxis® Inc. (TSX: KXS), a global leader in end-to-end supply chain orchestration, and its solution extension partner 4flow, to transform its supply chain operations from demand to distribution. As part of its strategic growth and sustainability initiatives, Bel Group sought innovative solutions to boost operational performance, enhance collaboration and strengthen sustainability. Renowned for iconic brands like Boursin®, Babybel®, The Laughing Cow®, GoGo squeeZ®, the Group needed a robust, agile supply chain capable of withstanding any disruption as it continues to grow and diversify its product offerings. “Our foremost priority is delighting our customers with fresh, premium-quality products, delivered with precision and care,” said Xavier François, chief
DeepGreenX Group and Hues Capital Launch $10 Billion USD Fund to Accelerate AI, Green Energy, and Computing Power9.12.2024 14:00:00 EET | Press release
DeepGreenX Group Inc. (“DeepGreenX,” “DXG,” or the “Company”), an AI-enabled green energy and technology company, and Hues Capital (“Hues”), a leading capital provider enabling financial technology ecosystems, AI, and green energy enterprises, jointly announced the formation of a new $10 billion USD fund (the “Fund”) to drive global advancements in AI, green energy, and computing power and accelerate sustainability initiatives worldwide. DeepGreenX and Hues will each hold a 50% stake and act as co-general partners in the $10 billion USD DXG-Hues parent fund, which will be based in the EU and comprise two $5 billion USD sub-funds: the DXG-Hues AI Computing Infrastructure Fund and the DXG-Hues AI Energy Fund. The former will focus on global investments in AI computing power and green energy infrastructure projects, while the latter will target emerging enterprises in the fields of AI ecosystems, fintech, and green energy. This initiative will bring together seasoned professionals with de
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom