New research finds the most targeted and vulnerable assets are OT and medical devices

A recent study by security company Armis found that medical devices are the most vulnerable to unpatched CVEs, and that operational technology assets face the highest number of cyber attacks.

The Armis-led study focused on the assets most targeted by attack attempts, those affected by exploited Common Vulnerabilities and Exposures (CVEs), and those with high-risk ratings. It drew its findings from a proprietary Asset Intelligence Engine. It revealed that devices connected to the Internet of Medical Things (IoMT) in healthcare settings are the most vulnerable to unpatched, exploited CVEs. Meanwhile, operational technology (OT) assets experience the highest frequency of cyber attacks.

Internet of Medical Things assets most vulnerable to unpatched CVEs

The study by Armis revealed a large number of network-connected devices that are at high risk due to unpatched, weaponized CVEs. The report detailed the types of devices with the highest percentages affected by these vulnerabilities between August 2022 and July 2023. If not addressed, these vulnerable assets pose significant threats to business operations.

According to the study, the assets most vulnerable to unpatched, weaponized CVEs are:


  1. Media writers (IoMT), 62%

  2. Infusion pumps (IoMT), 26%

  3. IP cameras (IoT), 26%

  4. Media players (IoT), 25%

  5. Switches (IT), 18%

  6. Engineering workstations (OT), 17%

  7. Personal smartwatches (IoPT), 16%

  8. Routers (IT), 15%

  9. SCADA servers (OT), 15%

One of the least surprising points in the Armis findings is that medical devices lead the list of vulnerable assets. A January 2022 report on the state of Internet of Medical Things (IoMT) security by Cynerio found that 53% of IoT and IoMT devices used in American healthcare settings are critically vulnerable, posing risks to patient safety, data privacy, and service availability if exploited. Additionally, information disclosed in June of this year indicated that a third of the UK's National Health Service (NHS) Trusts lack a system for monitoring IoT devices, creating potential security gaps that could put both data and services at significant risk.


The case for Operational Technology Attack surface management

Other data from the study revealed the top 10 types of devices most targeted by cyber attack attempts span across Information Technology (IT), Operational Technology (OT), Internet of Things (IoT), Internet of Medical Things (IoMT), Internet of Personal Things (IoPT), and Building Management System (BMS) assets. This indicates that attackers are more focused on gaining access to vulnerable assets than targeting specific types of devices. The findings further underscore the importance for IT security teams to include both physical and virtual assets in their overall security roadmap.


The top 10 device types most frequently targeted by attacks are:

  1. Engineering workstations (OT)

  2. Imaging workstations (IoMT)

  3. Media players (IoT)

  4. Personal computers (IT)

  5. Virtual machines (IT)

  6. Uninterruptible power supply (UPS) devices (BMS)

  7. Servers (IT)

  8. Media writers (IoMT)

  9. Tablets (IoPT)

  10. Mobile phones (IoPT)


Threat actors appear to be deliberately targeting operational technology and IoT devices because these are often an afterthought in companies' security strategies. Unlike traditional IT environments, many OT and IoT devices can be accessed externally and have a complex, extensive attack surface, which makes them more susceptible to weaponized vulnerabilities (CVEs). The consequences for businesses and their clients if these assets are compromised are a major concern, which is why hackers are beginning to shift their focus to exploiting them. For instance, engineering workstations may be linked to every controller in a manufacturing facility, imaging workstations could gather confidential patient data in hospitals, and uninterruptible power supplies (UPSs) might act as entry points to critical infrastructure. This makes each of these asset types a high-value target for malicious individuals looking to extort organizations.


High-Risk factors of Legacy Systems and Assets

Another important topic Armis highlighted was legacy assets. Legacy asset types are commonly subject to high-risk factors; they include physical devices that are difficult and time-consuming to replace, such as servers and programmable logic controllers (PLCs). These often run end-of-life (EOL) or end-of-support (EOS) operating systems, which makes them extremely vulnerable because their manufacturers no longer update or patch them for security vulnerabilities.


Additionally, assets like personal computers often employ the SMBv1 protocol, which is outdated, unencrypted, and riddled with vulnerabilities. This protocol was infamously exploited in the WannaCry and NotPetya cyberattacks. Armis' research shows that 74% of organizations still have at least one asset on their network that is susceptible to the EternalBlue vulnerability, which targets SMBv1.
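One way to locate SMBv1 on your own network from passively captured port-445 traffic, added here as an illustration (it is not code from Armis or from this article): the parser below classifies SMB negotiate messages and flags servers that accept an SMB1 dialect and clients that offer nothing newer. The function names, the finding strings, and the sample frames are assumptions constructed for this example.

```python
import struct
SMB1_MAGIC, SMB2_MAGIC = b"\xffSMB", b"\xfeSMB"
NEGOTIATE, FLAGS_REPLY, NO_DIALECT = 0x72, 0x80, 0xFFFF  # command, reply bit, "none accepted"

def classify_smb_frame(frame: bytes) -> dict:
    """Classify one SMB message in direct-TCP framing (port 445)."""
    if len(frame) < 8 or frame[0] != 0x00:
        return {"proto": "not-smb"}
    msg = frame[4:4 + int.from_bytes(frame[1:4], "big")]
    if msg[:4] == SMB2_MAGIC:
        return {"proto": "smb2+"}
    if msg[:4] != SMB1_MAGIC or len(msg) < 35:
        return {"proto": "not-smb"}
    info = {"proto": "smb1", "negotiate": msg[4] == NEGOTIATE,
            "reply": bool(msg[9] & FLAGS_REPLY), "dialects": [], "accepted": False}
    word_count = msg[32]  # parameter words follow the 32-byte SMB1 header
    if not info["negotiate"]:
        return info
    if info["reply"]:  # server side: first parameter word is the chosen DialectIndex
        info["accepted"] = word_count >= 1 and struct.unpack_from("<H", msg, 33)[0] != NO_DIALECT
        return info
    off = 33 + 2 * word_count
    if off + 2 <= len(msg):
        (byte_count,) = struct.unpack_from("<H", msg, off)
        data = msg[off + 2: off + 2 + byte_count]
        # each offered dialect is a 0x02 marker plus a NUL-terminated string
        info["dialects"] = [p[1:].decode("ascii", "replace")
                            for p in data.split(b"\x00") if p[:1] == b"\x02"]
    return info

def smb1_exposure(packets) -> dict:
    """packets: iterable of (source_ip, frame); returns {ip: finding}."""
    findings = {}
    for src, frame in packets:
        r = classify_smb_frame(frame)
        if r["proto"] != "smb1" or not r["negotiate"]:
            continue
        if r["reply"] and r["accepted"]:
            findings[src] = "server negotiated SMB1"
        elif not r["reply"] and not any(d.startswith("SMB 2") for d in r["dialects"]):
            findings[src] = "client offers SMB1 dialects only"
    return findings

# Constructed sample frames (not real captures); addresses are documentation IPs.
def frame_of(msg): return b"\x00" + len(msg).to_bytes(3, "big") + msg
def smb1_header(flags): return SMB1_MAGIC + b"\x72" + bytes(4) + bytes([flags]) + bytes(22)
REQ = frame_of(smb1_header(0x18) + b"\x00" + struct.pack("<H", 12) + b"\x02NT LM 0.12\x00")
RSP = frame_of(smb1_header(0x98) + b"\x11" + bytes(34) + b"\x00\x00")
SAMPLE = [("192.0.2.10", REQ), ("192.0.2.20", RSP), ("192.0.2.30", frame_of(SMB2_MAGIC + bytes(60)))]
```

A client that lists SMB 2 dialects inside an SMB1 negotiate request is only probing for the newest version, so the server's reply is the reliable signal that SMBv1 is still enabled on a host.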


Furthermore, researchers discovered that 50% of the pneumatic tube systems—mechanical setups that move cylindrical containers through an intricate tubing network—possess insecure software update mechanisms, thereby increasing their risk profile.


Since 2018, Maverc has been providing services and mentorship to small and midsize manufacturers in the process and technology aspects of cyber resilience and compliance. Maverc has invested years of research and testing to curate solutions designed to address critical issues that present challenges to organizations that operate OT and IoT environments. Through our work with Defense Industrial Base organizations and NIST Manufacturing Extension Partnerships (NIST MEPS), we have been able to assist organizations in gaining complete visibility across OT, IT, and IIoT, defending against emerging threats such as industrial ransomware, detecting novel and never-before-seen attacks, and complying with frameworks such as CMMC and NIST-800-171. Powered by scalable, AI-driven technology and our Managed Detection and Response services, Maverc has become a trusted partner assisting organizations in becoming more cyber-resilient. Contact us today at 888-948-1468 or at Info@maverc.com if you or your organization has a cyber security problem that it is looking to solve.


