Most Attacked and Most Vulnerable Cyber Assets. September 7, 2023 story by Ian Garrett

Описание: Full episode available on your favorite podcast platform: https://bit.ly/505-updates 📌

What are the riskiest cyber assets threatening global businesses? Armis, a security company, conducted a study focused on cyber assets with the highest number of attack attempts and weaponized Common Vulnerabilities and Exposures (or CVEs). The study highlights the most vulnerable assets are among the Internet of Medical Things (or IoMT) and the most targeted among Operational Technology (or OT) assets.

Hey folks, this is Ian Garrett in Arlington, VA.

Which are the most vulnerable to unpatched CVEs? Armis identified a substantial number of network-connected assets vulnerable to unpatched, weaponized CVEs. The research revealed the assets most susceptible to these vulnerabilities, presenting significant risks to businesses. The top three and their categories are: media writers (which is IoMT), Infusion pumps (also IoMT), and IP cameras (which are IoT). IT targets like Routers and OT targets like SCADA servers also made the list.

While the previously listed items were the most vulnerable, the study also looked at the most targeted assets. Armis discovered that the top 10 asset types with the highest number of attack attempts span IT, OT, IoT, IoMT, Internet of Personal Things (or IoPT), and Building Management System (or BMS) assets. This emphasizes attackers’ focus on potential access rather than asset type, underscoring the importance of a comprehensive security strategy encompassing all assets.

The top 3 device types with the highest number of attack attempts include engineering workstations (which is OT), imaging workstations (which is IoMT), and media players (which is IoT). A number of IT assets such as personal computers also made the top 10 list. These assets are attractive targets due to their external accessibility, extensive attack surface, and known weaponized CVEs.

Armis also explored asset types with common high-risk factors. Devices that are challenging to replace, such as servers and programmable logic controllers, often run on end-of-life or end-of-support operating systems. These assets are at high risk, as end-of-support assets no longer receive manufacturer support or patches for vulnerabilities.

This research highlights the critical need for organizations to address vulnerabilities across various asset types to mitigate cyber risks effectively.

#cybersecurity #opensource #databreach #its505 #podcast