Attackers are always looking for routes that will offer them a way into organizations’ networks. New research released today by Armis shows the devices that are most likely to pose a threat.
Interestingly the list includes various personal devices as well as business assets, suggesting attackers care more about their potential access to assets rather than the type and reinforcing the need for security teams to account for all physical and virtual assets as part of their security strategy.
Top 10 device types with the highest number of attack attempts are:
Uninterruptible power supply (UPS) devices
“Malicious actors are intentionally targeting these assets because they are externally accessible, have an expansive and intricate attack surface and known weaponized CVEs,” says Tom Gol, CTO of research at Armis. “The potential impact of breaching these assets on businesses and their customers is also a critical factor when it comes to why these have the highest number of attack attempts. Engineering workstations can be connected to all controllers in a factory, imaging workstations will collect private patient data from hospitals and UPSs can serve as an access point to critical infrastructure entities, making all of these attractive targets for malicious actors with varying agendas, like deploying ransomware or causing destruction to society in the case of nation-state attacks. IT leaders need to prioritize asset intelligence cybersecurity and apply patches to mitigate this risk.”
Researchers also identified a significant number of network-connected assets susceptible to unpatched, weaponised CVEs published before January 2022. These include specialist kit like media writers and infusion pumps, but also things like routers and smartwatches.
Many physical devices on the list take a long time to replace, such as servers and Programmable Logic Controllers (PLCs), which means they are more likely to be running end-of-life or end-of-support operating systems.
“Continuing to educate global businesses about the evolving and increased risk being introduced to their attack surface through managed and unmanaged assets is a key mission of ours,” says Nadir Izrael, CTO and co-founder of Armis. “This intelligence is crucial to helping organizations defend against malicious cyberattacks. Without it, business, security and IT leaders are in the dark, vulnerable to blind spots that bad actors will seek to exploit.”
You can find out more on the Armis site.
Image credit: fotogestoeber / Shutterstock