While medical devices are the most susceptible to unpatched CVEs, operational technology assets are the most attacked. Credit: whiteMocca / Shutterstock New research from security company Armis has revealed the riskiest assets introducing threats to global businesses. Armis' research focused on connected assets with the most attack attempts, weaponized Common Vulnerabilities and Exposures (CVEs), and high-risk ratings. Based on data from the Armis Asset Intelligence Engine, it found that internet of medical things (IoMT) assets- connected devices used in medical/healthcare environments - are the most susceptible to unpatched, weaponized CVEs, while operational technology (OT) assets are the most attacked. IoMT assets most susceptible to unpatched, weaponized CVEs Armis researchers identified a significant number of network-connected assets susceptible to unpatched, weaponized CVEs, listing the highest percentage of devices of each type that had these CVEs between August 2022 and July 2023. Unpatched, these assets introduce significant risks to businesses. According to Armis, the assets most vulnerable to unpatched, weaponized CVEs are: Media writers (IoMT), 62% Infusion pumps (IoMT), 26% IP cameras (IoT), 26% Media players (IoT), 25% Switches (IT), 18% Engineering workstations (OT), 17% Personal smartwatches (IoPT), 16% Routers (IT), 15% SCADA servers (OT), 15% It is unsurprising to see medical assets topping the list. In January 2022, Cynerios's State of IoMT Device Security report found that more than half (53%) of the internet of things (IoT) and IoMT devices used in US healthcare pose critical cybersecurity risks with significant vulnerabilities that could jeopardize patient safety, data confidentiality, or service availability if exploited. In June this year, it was revealed that one-third of the UK's National Health Service (NHS) Trusts have no method for tracking IoT devices, potentially exposing information and services to significant security risks. OT assets most targeted by attacks The top 10 asset types with the highest number of attack attempts are distributed across IT, OT, IoT, IoMT, internet of personal things (IoPT), and building management system (BMS) assets, Armis found. This demonstrates that attackers prioritize potential access to assets rather than their type, reinforcing the need for security teams to account for all physical and virtual assets as part of their security strategy, the firm said. The top 10 device types with the highest number of attack attempts are: Engineering workstations (OT) Imaging workstations (IoMT) Media players (IoT) Personal computers (IT) Virtual machines (IT) Uninterruptible power supply (UPS) devices (BMS) Servers (IT) Media writers (IoMT) Tablets (IoPT) Mobile phones (IoPT) Threat actors intentionally target these assets because they are externally accessible, have an expansive and intricate attack surface, and known weaponized CVEs, said Tom Gol, CTO of research at Armis. "The potential impact of breaching these assets on businesses and their customers is also a critical factor when it comes to why these have the highest number of attack attempts." For example, engineering workstations can be connected to all controllers in a factory, imaging workstations will collect private patient data from hospitals, and UPSs can serve as an access point to critical infrastructure entities, making all of these attractive targets for malicious actors, he added. Many assets have high vulnerability scores, detected threats, unencrypted traffic Armis also examined asset types with the most common high-risk factors. Physical devices that take a long time to replace - such as such as servers and programmable logic controllers (PLCs) - often run end-of-life (EOL) or end-of-support (EOS) operating systems. This makes them particularly high risk, especially as EOS assets are no longer actively supported or patched for vulnerabilities/security issues by manufacturers, Armis stated. Some assets, including personal computers, demonstrate SMBv1 usage, a legacy, unencrypted, and complicated protocol with vulnerabilities that were targeted in the infamous WannaCry and NotPetya attacks. Armis found that 74% of organizations today still have at least one asset in their network vulnerable to EternalBlue, an SMBv1 vulnerability. Meanwhile, Armis found that 50% of pneumatic tube systems - technical equipment in which cylindrical containers are propelled through a complex network of tubes -have an unsafe software update mechanism. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe