Engineering workstations are riskiest connected assets, Armis study finds

Armis, the asset visibility and security company, released new research identifying the riskiest connected assets posing threats to global businesses. Findings highlight risk being introduced to firms through a variety of connected assets across device classes, emphasizing a need for a comprehensive security strategy to protect an organization’s attack surface in real-time.

What were the findings of Armis’ research?

Armis’ latest research report, analyzed from the Armis Asset Intelligence Engine, focuses comprehensively on connected assets with the most attack attempts, weaponized Common Vulnerabilities and Exposures (CVEs) and high-risk ratings to determine the riskiest assets.

Assets With The Highest Number of Attack Attempts

Armis’ new research found the top 10 asset types with the highest number of attack attempts were distributed across asset types: IT, OT, IoT, IoMT, Internet of Personal Things (IoPT) and Building Management Systems (BMS). This demonstrates that attackers care more about their potential access to assets rather than the type, reinforcing the need for security teams to account for all physical and virtual assets as part of their security strategy.

Top 10 device types with the highest number of attack attempts:

  • Engineering workstations (OT)
  • Imaging workstations (IoMT)
  • Media players (IoT)
  • Personal computers (IT)
  • Virtual machines (IT)
  • Uninterruptible power supply (UPS) devices (BMS)
  • Servers (IT)
  • Media writers (IoMT)
  • Tablets (IoPT)
  • Mobile phones (IoPT)

Assets With Unpatched, Weaponized CVEs Vulnerable to Exploitation

Armis found a significant number of network-connected assets susceptible to unpatched, weaponized CVEs published before 1/1/2022. Zooming in on the highest percentage of devices of each type that had these CVEs between August 2022 and July 2023, Armis identified the list reflected in Figure A. Unpatched, these assets introduce risk to businesses.

Assets with a High-Risk Rating

Armis also examined asset types with the most common high-risk factors:

  • Many physical devices on the list that take a long time to replace, such as servers and Programmable Logic Controllers (PLCs), run end-of-life (EOL) or end-of-support (EOS) operating systems. EOL assets are nearing the end of functional life but are still in use, while EOS assets are no longer actively supported or patched for vulnerabilities and security issues by the manufacturer.
  • Some assets, including personal computers, demonstrated SMBv1 usage. SMBv1 is a legacy, unencrypted and complicated protocol with vulnerabilities that have been targeted in the infamous Wannacry and NotPetya attacks. Security experts have advised organizations to stop using it completely. Armis found that 74% of organizations today still have at least one asset in their network vulnerable to EternalBlue – an SMBv1 vulnerability.
  • Many assets identified in the list exhibited high vulnerability scores, have had threats detected, have been flagged for unencrypted traffic or still have the CDPwn vulnerabilities impacting network infrastructure and VoIPs.
  • Half (50%) of pneumatic tube systems were found to have an unsafe software update mechanism.

What are Armis’ thoughts on the research findings?

Nadir Izrael, Chief Technology Officer and Co-founder of Armis
Nadir Izrael, Chief Technology Officer and Co-founder of Armis

“Continuing to educate global businesses about the evolving and increased risk being introduced to their attack surface through managed and unmanaged assets is a key mission of ours. This intelligence is crucial to helping organizations defend against malicious cyberattacks. Without it, business, security and IT leaders are in the dark, vulnerable to blind spots that bad actors will seek to exploit,” said Nadir Izrael, CTO and Co-Founder of Armis.

“Malicious actors are targeting these assets because they are externally accessible, have an expansive and intricate attack surface and known weaponized CVEs. The potential impact of breaching these assets on businesses and their clients is also a critical factor when it comes to why these have the highest number of attempts,” said Tom Gol, CTO of Research, Armis.

“Engineering workstations can be connected to all controllers in a factory, imaging workstations will collect private patient data from hospitals and UPSs can serve as an access point to critical infrastructure entities, making these attractive targets for malicious actors with varying agendas, like deploying ransomware or causing destruction to society. IT leaders need to prioritize asset intelligence cybersecurity and apply patches to mitigate this risk.”

Additional research from Armis is available on the riskiest OT and ICS devices across critical infrastructure industries and the riskiest medical and IoT devices in clinical environments.

Learn more about Armis at the website.