Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

See more

Insecure Systems Risk Vector

Avatar
Ingrid
Follow
  • August 16, 2023: New Grading & Finding Behavior sections.
  • May 11, 2020: Linked to related topics (rating details, data collection methods, & finding details).

⇤ Diligence Risk Category

The Insecure Systems risk vector assesses endpoints (which can be any computer, server, device, system, or appliance with internet access) that are communicating with an unintended destination. The software of these endpoints may be outdated, tampered, or misconfigured. A system is classified as “insecure” when these endpoints try to communicate with a web domain that doesn’t yet exist or isn’t registered to anyone. This can happen for a few reasons:

  • The device manufacturers/developers stopped supporting their product. The original domains that were registered have since become “abandoned” (the domain has not been renewed).
  • A device has been purposely tampered with or is mis-configured. These devices are trying to reach out to unregistered/misnamed domains for software updates or other communications.

Some examples include mobile devices on debug or root mode that are reaching for rogue application content or abandoned applications fetching server configurations.

Learn more:

Risks

  • If the destination domain is registered by attackers, they can have the ability to inject malicious code into the insecure system.
  • Endpoints can become exposed to rogue application services and markets. The software in these endpoints have been tampered with or have been misconfigured. The open communication with a remote server may allow attackers to inject code that results in a breach to the organization and access to sensitive data.

Bitsight Blog, “Ragentek Android OTA Update Mechanism Vulnerable to MITM Attack”

Grading

See how the Insecure Systems risk vector is graded.

Concept Behavior
Lifetime 60 Days
No Findings

– “A” Letter Grade

The rating is positively impacted if there are no findings for this risk vector.

Weight

(Out of 70.5% in Diligence)

 2.5%

Remediation

Review Insecure System findings. Identify known insecure systems and uninstall or update the firmware of insecure applications (endpoints).

If no host is present when identifying insecure systems, the SMB protocol does not provide the domain that can be directly attributed to the connection in the packet exchange. Though the domain resolves to a particular IP, an endpoint machine from your network was observed doing a DNS lookup to a Bitsight sinkhole with the NetBios network through the SMB protocol.

Finding Behavior

Concept Behavior
Refresh

Automated: Daily

User-Requested: User-requested refresh not available.
Remediated New findings immediately impact the grade.

Related articles