Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Insecure Systems Risk Vector

Ingrid

⇤ Diligence Risk Category

The Insecure Systems risk vector assesses endpoints (which can be any computer, server, device, system, or appliance with internet access) that are communicating with an unintended destination. The software of these endpoints may be outdated, tampered, or misconfigured. A system is classified as “insecure” when these endpoints try to communicate with a web domain that doesn’t yet exist or isn’t registered to anyone. This can happen for a few reasons:

  • The device manufacturers/developers stopped supporting their product. The original domains that were registered have since become “abandoned” (the domain has not been renewed).
  • A device has been purposely tampered with or is mis-configured. These devices are trying to reach out to unregistered/misnamed domains for software updates or other communications.

Some examples include mobile devices on debug or root mode that are reaching for rogue application content or abandoned applications fetching server configurations.

Learn more:

Risks

  • If the destination domain is registered by attackers, they can have the ability to inject malicious code into the insecure system.
  • Endpoints can become exposed to rogue application services and markets. The software in these endpoints have been tampered with or have been misconfigured. The open communication with a remote server may allow attackers to inject code that results in a breach to the organization and access to sensitive data.

Bitsight Blog, “Ragentek Android OTA Update Mechanism Vulnerable to MITM Attack”

Grading

See how the Insecure Systems risk vector is graded.

Concept Behavior

Lifetime

Duration: 60 Days

Insufficient Data

A default risk vector grade is assigned.

Default:

The rating is positively impacted if there are no findings for this risk vector.

Weight

Percentage (out of 70.5% in Diligence): 2.5%

Remediation

Review Insecure System findings. Identify known insecure systems and uninstall or update the firmware of insecure applications (endpoints).

If no host is present when identifying insecure systems, the SMB protocol does not provide the domain that can be directly attributed to the connection in the packet exchange. Though the domain resolves to a particular IP, an endpoint machine from your network was observed doing a DNS lookup to a Bitsight sinkhole with the NetBios network through the SMB protocol.

Finding Behavior

Concept Behavior

Rescan

The Bitsight platform regularly checks for new observations. Bitsight findings are updated as these observations change, e.g., newly observed Diligence findings or an existing finding was remediated.

Automated Scan Duration: Daily

User-Requested Rescan Duration: Not Available

Remediated

New findings immediately impact the grade.
  • March 25, 2024: “No findings/low findings” changed to “insufficient data.”
  • August 16, 2023: New Grading & Finding Behavior sections.
  • May 11, 2020: Linked to related topics (rating details, data collection methods, & finding details).
Was this article helpful?
10 out of 12 found this helpful
Return to top

Related articles

Feedback

0 comments

Please sign in to leave a comment.