Managed Security Services

Cyber Attackers Focus on Access to Assets, Not Device Types

Man walking out of a room through opened door . Pathway of opportunity.  Start up and career concept . This is a 3d rende illustration .

Cyber attackers zero in on potential access to assets, rather than the type of device, according to a new study from Armis, an asset visibility and security specialist.

The research findings underscore risks to organizations through vulnerabilities in a variety of connected assets across device classes, the San Francisco-based security provider said.

Armis found the top 10 asset types with the highest number of attack attempts distributed across asset types include: IT, OT, IoT, IoMT, Internet of Personal Things (IoPT) and Building Management Systems (BMS).

Based on Armis’ data, here are the top 10 device types with the highest number of attempted attacks:

  • Engineering workstations (OT)
  • Imaging workstations (IoMT)
  • Media players (IoT)
  • Personal computers (IT)
  • Virtual machines (IT)
  • Uninterruptible power supply (UPS) devices (BMS)
  • Servers (IT)
  • Media writers (IoMT)
  • Tablets (IoPT)
  • Mobile phones (IoPT)

“Continuing to educate global businesses about the evolving and increased risk being introduced to their attack surface through managed and unmanaged assets is a key mission of ours,” said Nadir Izrael, Armis chief technology officer and co-founder.

“This intelligence is crucial to helping organizations defend against malicious cyberattacks. Without it, business, security and IT leaders are in the dark, vulnerable to blind spots that bad actors will seek to exploit.”

The research, gleaned from the company’s asset Intelligence engine, focuses on connected assets with the most attack attempts, weaponized Common Vulnerabilities and Exposures (CVEs) and high-risk ratings to determine the riskiest assets.

Here are the asset types with the highest risk rating: (per Armis)

  • Many physical devices take a long time to replace, such as servers and programmable logic controllers (PLCs), run end-of-life (EOL) or end-of-support (EOS) operating systems. EOL assets are nearing the end of functional life but are still in use, while EOS assets are no longer actively supported or patched for vulnerabilities and security issues by the manufacturer.
  • Some assets, including personal computers, demonstrated SMBv1 usage. SMBv1 is a legacy, unencrypted and complicated protocol with vulnerabilities that have been targeted in the infamous Wannacry and NotPetya attacks. Armis found that 74% of organizations today still have at least one asset in their network vulnerable to EternalBlue – an SMBv1 vulnerability.
  • Many assets exhibited high vulnerability scores, had threats detected, been flagged for unencrypted traffic or still have the CDPwn vulnerabilities impacting network infrastructure and VoIPs.
  • 50% of pneumatic tube systems were found to have an unsafe software update mechanism.

“Malicious actors are intentionally targeting these assets because they are externally accessible, have an expansive and intricate attack surface and known weaponized CVEs,” said Tom Gol, Armis research chief technology officer.

“Engineering workstations can be connected to all controllers in a factory, imaging workstations will collect private patient data from hospitals and UPSs can serve as an access point to critical infrastructure entities, making all of these attractive targets for malicious actors with varying agendas, like deploying ransomware or causing destruction to society in the case of nation-state attacks. IT leaders need to prioritize asset intelligence cybersecurity and apply patches to mitigate this risk.”

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.