Armis: Cybersecurity attack attempts double in 2023, urgent need for prioritization and risk mitigation in 2024

January 24, 2024

Asset intelligence cybersecurity company Armis disclosed that cybersecurity attack attempts more than doubled, increasing 104 percent in 2023. Armis Labs data analysis provides a possible blueprint for the year ahead on where security teams need to prioritize efforts.

The 2023 analysis of Armis’ proprietary data offers critical insight into the multifaceted challenges global organizations face when it comes to protecting the entire attack surface. Report findings serve as a blueprint to help security teams worldwide prioritize efforts to reduce cyber risk exposure in 2024.

The report found that global attack attempts more than doubled in 2023, with utilities reporting over 200 percent increase and manufacturing recording 165 percent increase, making them ‘the most at risk’ industries. Attack attempts peaked in July, with communications devices, imaging devices, and manufacturing devices experiencing intensified targeting during this period.

“Armis found that not only are attack attempts increasing, but cybersecurity blind spots and critical vulnerabilities are worsening, painting prime targets for malicious actors,” Nadir Izrael, CTO and co-founder at Armis, said in a media statement. “It’s critical that security teams leverage similar intelligence defensively so that they know where to prioritize efforts and fill these gaps to mitigate risk. We hope that by sharing these insights, global businesses and governments will leverage them to immediately pinpoint what they should be focusing on to improve their cybersecurity posture this year to keep critical infrastructure, economies, and society safe and secure.”

The report identified that geopolitical tensions exacerbate the cybersecurity landscape as the cyberwarfare grew more widespread in 2023. The top industries exposed to attack from Chinese and Russian actors were those within manufacturing, educational services, and public administration. In manufacturing, [dot]cn and [dot]ru domains contributed to an average of 30 percent of monthly attack attempts, while attacks from these domains on educational services have risen to about 10 percent of total attacks.

It also revealed that legacy technology steepens the incline of cybersecurity pros’ existing uphill battle. Older Windows server OS versions (2012 and earlier) are 77 percent more likely to experience attack attempts compared to newer Windows Server versions. The vulnerability is particularly evident in the server environment, with nearly a quarter of server versions facing end-of-support (EoS) scenarios. Also, the educational services industry has a significantly higher percentage of servers (41 percent) with unpatched weaponized Common Vulnerabilities and Exposures (CVEs), compared to the general average of 10 percent.

Additionally, industries still use end-of-life (EoL) or EoS OSs that are no longer actively supported or patched for vulnerabilities and security issues by the manufacturer. They include educational services (18 percent), retail (14 percent), healthcare (12 percent), manufacturing (11 percent) and public administration (10 percent).

Armis reported that businesses struggle with effective vulnerability prioritization and remediation. There were over 65,000 unique CVEs discovered in 2023 while a third of all devices are still not patched for Log4Shell. Patch rates for critical CVEs are not prioritized with low CVEs recording 11 percent patch rate; medium CVEs at 58 percent patch rate; high CVEs at 64 percent patch rate; and critical CVEs at 55 percent patch rate. Irrespective of the weaponization status of a CVE, organizations consistently grapple with patch rates at 62 percent for non-weaponized and 61 percent for weaponized vulnerabilities.

“Blueprints like this report are invaluable as they help teams focus limited resources on efforts with the greatest impact and with the insights to tell data-driven stories in justification of cross-team priorities,” said Curtis Simpson, CISO at Armis. “Using hindsight and analyzed data could allow CISOs to focus 2024 efforts on segmenting legacy technology, prioritizing exposures of greatest significance, and utilizing AI-driven technologies that can assist security teams with defending and managing the attack surface in real-time.”

In November, Armis announced the findings of its Global Attack Surface Management (ASM) Research which looked into organizational trends and challenges over the past 12 months.