Armis Identifies the Riskiest Assets Introducing Threats to Global Businesses
Armis, the leading asset visibility and security company, today released new research identifying the riskiest connected assets posing threats to global businesses. Findings highlight risk being introduced to organizations through a variety of connected assets across device classes, emphasizing a need for a comprehensive security strategy to protect an organization’s entire attack surface in real-time.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230905844605/en/
Source: Data from the Armis Asset Intelligence Engine collected between August 2022 and July 2023.
“Continuing to educate global businesses about the evolving and increased risk being introduced to their attack surface through managed and unmanaged assets is a key mission of ours,” said Nadir Izrael, CTO and Co-Founder of Armis. “This intelligence is crucial to helping organizations defend against malicious cyberattacks. Without it, business, security and IT leaders are in the dark, vulnerable to blind spots that bad actors will seek to exploit.”
Armis’ research, analyzed from the Armis Asset Intelligence Engine, focuses on connected assets with the most attack attempts, weaponized Common Vulnerabilities and Exposures (CVEs) and high-risk ratings to determine the riskiest assets.
Assets With The Highest Number of Attack Attempts
Armis found the top 10 asset types with the highest number of attack attempts were distributed across asset types: IT, OT, IoT, IoMT, Internet of Personal Things (IoPT) and Building Management Systems (BMS). This demonstrates that attackers care more about their potential access to assets rather than the type, reinforcing the need for security teams to account for all physical and virtual assets as part of their security strategy.
Top 10 device types with the highest number of attack attempts:
- Engineering workstations (OT)
- Imaging workstations (IoMT)
- Media players (IoT)
- Personal computers (IT)
- Virtual machines (IT)
- Uninterruptible power supply (UPS) devices (BMS)
- Servers (IT)
- Media writers (IoMT)
- Tablets (IoPT)
- Mobile phones (IoPT)
“Malicious actors are intentionally targeting these assets because they are externally accessible, have an expansive and intricate attack surface and known weaponized CVEs,” said Tom Gol, CTO of Research at Armis. “The potential impact of breaching these assets on businesses and their customers is also a critical factor when it comes to why these have the highest number of attack attempts. Engineering workstations can be connected to all controllers in a factory, imaging workstations will collect private patient data from hospitals and UPSs can serve as an access point to critical infrastructure entities, making all of these attractive targets for malicious actors with varying agendas, like deploying ransomware or causing destruction to society in the case of nation-state attacks. IT leaders need to prioritize asset intelligence cybersecurity and apply patches to mitigate this risk.”
Assets With Unpatched, Weaponized CVEs Vulnerable to Exploitation
Researchers identified a significant number of network-connected assets susceptible to unpatched, weaponized CVEs published before 1/1/2022. Zooming in on the highest percentage of devices of each type that had these CVEs between August 2022 and July 2023, Armis identified the list reflected in Figure A. Unpatched, these assets introduce significant risk to businesses.
Assets with a High-Risk Rating
Armis also examined asset types with the most common high-risk factors:
- Many physical devices on the list that take a long time to replace, such as servers and Programmable Logic Controllers (PLCs), run end-of-life (EOL) or end-of-support (EOS) operating systems. EOL assets are nearing the end of functional life but are still in use, while EOS assets are no longer actively supported or patched for vulnerabilities and security issues by the manufacturer.
- Some assets, including personal computers, demonstrated SMBv1 usage. SMBv1 is a legacy, unencrypted and complicated protocol with vulnerabilities that have been targeted in the infamous Wannacry and NotPetya attacks. Security experts have advised organizations to stop using it completely. Armis found that 74% of organizations today still have at least one asset in their network vulnerable to EternalBlue – an SMBv1 vulnerability.
- Many assets identified in the list exhibited high vulnerability scores, have had threats detected, have been flagged for unencrypted traffic or still have the CDPwn vulnerabilities impacting network infrastructure and VoIPs.
- Half (50%) of pneumatic tube systems were found to have an unsafe software update mechanism.
Additional research from Armis is available on the riskiest OT and ICS devices across critical infrastructure industries as well as the riskiest medical and IoT devices in clinical environments.
Learn more about Armis at www.armis.com.
Armis, the leading asset visibility and security company, provides the industry’s first unified asset intelligence platform designed to address the new extended attack surface that connected assets create. Fortune 100 companies trust our real-time and continuous protection to see with full context all managed, unmanaged assets across IT, cloud, IoT devices, medical devices (IoMT), operational technology (OT), industrial control systems (ICS), and 5G. Armis provides passive cyber asset management, risk management, and automated enforcement. Armis is a privately held company and headquartered in California.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
Senior Director, Global Communications
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Oliver Bäte, Allianz CEO, Addresses United Nations Climate Ambition Summit21.9.2023 18:00:00 EEST | Press release
Yesterday, leaders from 34 governments along with seven non-government bodies, including Californian governor Gavin Newsom, London mayor Sadiq Khan, the World Bank president, the Chief Executive of insurer Allianz, and the head of the UN’s Green Climate Fund, addressed the summit. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230921957666/en/ Oliver Baete, Allianz CEO, speaking at the UN Climate Ambitions Summit on September 20, 2023. (Photo: Business Wire) Allianz CEO Oliver Bäte was representing the UN-Convened Net-Zero Asset Owner Alliance (NZAOA) and Allianz's commitment as a "first mover and doer" in the global effort to combat the climate crisis. The transcript of Oliver Bäte’s speech follows. Dear excellencies, ladies and gentlemen, Since we last came together to announce the launch of the UN-Convened Net Zero Asset Owner Alliance in 2019 in this building, the world has changed profoundly. We have not talked about th
ProAmpac Joins Nestlé to Celebrate 2023 Digital Labels & Packaging Awards21.9.2023 17:41:00 EEST | Press release
ProAmpac, a leader in flexible packaging and material science, is proud to announce its partnership with Nestlé in celebrating their joint recognition for the prestigious 2023 Digital Labels & Packaging Award. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230921516289/en/ Teams from ProAmpac’s Grimsby site and Nestlé UK Celebrate the 2023 Digital Labels & Packaging Award (Photo: Business Wire) The annual Print Award, hosted by Digital Labels & Print Magazine (DLPM), recognizes the finest achievements in digital printing as applied to packaging. During the Awards Gala held on June 29 at the Kia Oval in London, DLPM announced that Nestlé Splash – KitKat, developed in collaboration with ProAmpac, emerged as a top contender in the Application Excellence – Primary Packaging category. "We are honored to have partnered with Nestlé on this packaging achievement," expressed Adam Grose, Chief Commercial Officer at ProAmpac. "Being na
Altasciences Chosen by Virpax to Support the Development of a New Drug to Prevent Spread of Flu-like Viruses21.9.2023 17:00:00 EEST | Press release
Altasciences is pleased to have been chosen by Virpax Pharmaceuticals, Inc. (NASDAQ:VRPX) (“Virpax”), a company specializing in developing non-addictive products for pain management, PTSD, central nervous system (CNS) disorders, and viral barrier indications, to conduct preclinical studies in support of their development of quaternary ammonium palmitoyl glycol chitosan (GCPQ, under the trade name of AnQlar™). AnQlar is a nanoparticle intended to help prevent the spread of negatively charged viruses such as COVID-19 and influenza via intranasal spray, and has shown to inhibit the ability of the virus to replicate at non-toxic concentrations. In development since 2022, the project has so far seen the completion of safety assessment utilizing intranasal administration at Altasciences’ preclinical site in Columbia, MO. A cardiovascular study was also completed at Altasciences’ preclinical facility in Scranton, PA. Bioanalytical sample analysis for the GLP studies is currently ongoing. “We
Nitek: End of the Road for Copycats21.9.2023 16:00:00 EEST | Press release
Nitek, Inc. (“Nitek”), a pioneering American company in UV LEDs, has announced that it filed a patent infringement lawsuit against Photon Wave Co., Ltd. (“Photon Wave”), a Korean UV LED manufacturer in the Eastern District of Texas. In the complaint, Nitek asserts that LED products of ams OSRAM, a German LED company, use Photon Wave’s infringing LEDs. Nitek also contends that Photon Wave has failed to cease selling infringing products, even after getting continuous warning notices of the patent infringement, and therefore Nitek is not only seeking a permanent injunction against the sales of infringing products but also pursuing 3 times damages for willful patent infringement. Nitek has previously successfully won its patent lawsuit against another international LED maker, and continues its enforcement against other infringers. Sensor Electronic Technology, Inc. (“SETi”), an affiliate of Nitek, has also obtained a permanent injunction for patent infringement against Bolb, Inc., a UV LED
Boomi Launches World Tour, Bringing Together Visionary Leaders and Industry Experts to Prepare Businesses for the AI Revolution21.9.2023 16:00:00 EEST | Press release
Boomi™, the intelligent connectivity and automation leader, today announced the Boomi World Tour, a premiere series of exclusive, in-person events bringing together Boomi customers, prospects, and partners to hear directly from Boomi leadership, industry experts, and visionaries on how organizations can leave complexity behind and synchronize everything, everywhere, with AI-driven integration and automation. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230921479137/en/ Boomi Launches World Tour, Bringing Together Visionary Leaders and Industry Experts to Prepare Businesses for the AI Revolution (Graphic: Business Wire) The Boomi World Tour is a series of 10 events over eight weeks, including three Partner Summits designed especially for Boomi partners, global systems integrators, and OEMs. The tour kicks off in Menlo Park, CA, October 3-4, 2023, where attendees will have opportunities to connect and learn throughout the tw
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.Visit our pressroom