Patch ‘Em or Weep: Study Reveals Most Vulnerable IoT, Connected Assets

We Keep you Connected

Patch ‘Em or Weep: Study Reveals Most Vulnerable IoT, Connected Assets

Patch ‘Em or Weep: Study Reveals Most Vulnerable IoT, Connected Assets
Your email has been sent
Phones, tablets and workstations with unpatched CVEs are a clear and present danger. New Armis study lists the most vulnerable.
Asset visibility and security company Armis identified connected assets posing the greatest risks to global enterprise. Armis’ new research, based on analysis from its Asset Intelligence Engine, focused on connected assets with the most attack attempts, weaponized common vulnerabilities and exposures and other high-risk factors.
The top 10 asset types with the highest number of attack attempts were distributed across IT, operational technology, the Internet of Things, the Internet of Medical Things, the Internet of Personal Things and building management systems.
SEE: Securing IoT with Microsoft Defender for IoT sensors (TechRepublic)
Armis reported that the devices with the highest number of attack attempts were:
The research reiterates findings in June this year about the most at-risk devices by the firm’s Asset Intelligence and Security Platform, which tracks over 3 billion assets according to Armis.
In that research, Armis found critical vulnerabilities in engineering workstations, supervisory control and data acquisition servers, automation servers, control system historians and programmable logic controllers, which are also the most vulnerable OT and industrial control systems.
“Malicious actors are intentionally targeting these assets because they are externally accessible, have an expansive and intricate attack surface and known weaponized CVEs,” said Tom Gol, CTO of research at Armis.
Gol said in a statement that these assets are attractive for attackers because they can wreak havoc across multiple systems.
SEE: Armis and Honeywell uncover vulnerabilities in Honeywell Systems (TechRepublic)
“Engineering workstations can be connected to all controllers in a factory, imaging workstations will collect private patient data from hospitals and UPSs can serve as an access point to critical infrastructure entities, making all of these attractive targets for malicious actors with varying agendas, like deploying ransomware or causing destruction to society in the case of nation-state attacks,” Gol said, adding that defenders should improve visibility of these assets and patch vulnerabilities (Figure A).
Figure A
The Armis researchers found a number of asset types with common high-risk factors:
Armis said it found that 74% of organizations today still have at least one asset in their network vulnerable to EternalBlue exploited by NotPetya to gain initial access before using credential theft for privilege escalation.
“Continuing to educate global businesses about the evolving and increased risk being introduced to their attack surface through managed and unmanaged assets is a key mission of ours,” said Nadir Izrael, CTO and cofounder of Armis. “This intelligence is crucial to helping organizations defend against malicious cyberattacks. Without it, business, security and IT leaders are in the dark, vulnerable to blind spots that bad actors will seek to exploit.”
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Patch ‘Em or Weep: Study Reveals Most Vulnerable IoT, Connected Assets
Your email has been sent
Your message has been sent
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
Microsoft is also running a grant competition for ideas on using AI training in community building.
Generative AI will be a game changer in cloud security, especially in common pain points like preventing threats, reducing toil from repetitive tasks, and bridging the cybersecurity talent gap.
Does your business need a payroll provider that offers international payroll services? Use our buyer’s guide to review the best solutions, from ADP to Oyster.
Get up and running with ChatGPT with this comprehensive cheat sheet. Learn everything from how to sign up for free to enterprise use cases, and start using ChatGPT quickly and effectively.
Looking for an alternative to monday.com? Our comprehensive list covers the best monday alternatives, their key features, pricing, pros, cons and more.
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Voice engineers are responsible for installing, operating and managing voice communication systems — a critically important role for any business. This cheat sheet from TechRepublic Premium provides a section of general questions, followed by job-specific questions aimed at determining candidates’ experience, skills and suitability for the voice engineer position. Questions from the cheat sheet: Describe …
Whether you work for a company completely committed to the cloud, relying exclusively on a physical data center or utilizing a hybrid of the two, supporting the business through proper setups and maintenance makes server know-how even more critical. This checklist from TechRepublic Premium is intended to provide management guidelines and solutions to many of …
An organization’s IT hardware inventory constitutes a significant capital investment in order to perform company operations. Because hardware represents a critical asset and often holds organizational data, it is important for the company to track each component from purchase and deployment to decommissioning and disposal. This policy from TechRepublic Premium describes the guidelines by which …
When it comes to DIY home security, there are many systems and components to consider and many decisions to make. This vendor comparison guide from TechRepublic Premium provides advice you can follow as you make decisions regarding how you will deploy a home security system. The accompanying comparison tool will document your research and provide …

source

GET THE LATEST UPDATES, OFFERS, INFORMATION & MORE