Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

Botnet Infections Risk Vector

Avatar
Ingrid
Follow
  • August 16, 2023: New Grading & Finding Behavior sections.
  • May 8, 2020: Updated risk vector description.

⇤ Compromised Systems Risk Category

The Botnet Infections risk vector indicates that devices on a company’s network are participating in a botnet (combination of “robot” and “network”), either as bots or as a command and control (C&C or C2) server.

See data collection methods or the criteria for classifying findings as Botnet Infections.

Risks

Botnets can be used to exfiltrate sensitive data (such as corporate secrets and user information), repurpose company resources for malicious activities (such as distributed denial-of-service attacks or cryptocurrency mining), and they can serve as conduits for other infections.

Companies with a Botnet Infections grade of B or lower are more than twice as likely to experience a publicly disclosed data breach. Botnets can deliver high-volume network attacks and perform large-scale tasks, such as:

  • Generate Bitcoin and other cryptocurrencies, which is abuse of local machine resources (increased CPU/RAM/HDD usage) and takes away cycles from legitimate users.
  • Distribute spam or malware, which can potentially steal data and put an organization’s confidential information and infrastructure at risk.
  • Network attacks from company servers to their targets, such as DDoS. Company reputation can be damaged; servers blacklisted; company could unwittingly participate in DDoS or other large-scale network attacks against itself.

See a botnet’s correlation to breach.

Grading

Compromised Systems risk vectors are graded in the same manner. They are weighted evenly across the risk category and have a lifetime of 180 days.

Remediation

Review Botnet Infection findings.

  • Conduct a thorough security review of the machine (malware & antivirus sweep).
  • Review services used on the machine, harden firewall rules.
  • Improve employee computer safety training (phishing, installing unapproved software).

Finding Behavior

User-requested finding refreshes are not available for Compromised Systems risk vectors.

As the negatively impacting finding gets older, you will gradually get points back.

Related articles