- August 16, 2023: New Grading & Finding Behavior sections.
- May 8, 2020: Updated risk vector description.
The Botnet Infections risk vector indicates that devices on a company’s network are participating in a botnet (combination of “robot” and “network”), either as bots or as a command and control (C&C or C2) server.
Botnets can be used to exfiltrate sensitive data (such as corporate secrets and user information), repurpose company resources for malicious activities (such as distributed denial-of-service attacks or cryptocurrency mining), and they can serve as conduits for other infections.
Companies with a Botnet Infections grade of B or lower are more than twice as likely to experience a publicly disclosed data breach. Botnets can deliver high-volume network attacks and perform large-scale tasks, such as:
- Mine Bitcoin and other cryptocurrencies, which abuses local machine resources (increased CPU/RAM/HDD usage) and takes cycles away from legitimate users.
- Distribute spam or malware, which can steal data and put an organization's confidential information and infrastructure at risk.
- Launch network attacks, such as DDoS, from company servers against external targets. The company's reputation can be damaged and its servers blacklisted, and the company could unwittingly take part in DDoS or other large-scale network attacks, including attacks against itself.
All Compromised Systems risk vectors are graded in the same manner: they are weighted evenly across the risk category, and their findings have a lifetime of 180 days.
Review each Botnet Infections finding and, for the affected machine:
- Conduct a thorough security review of the machine (malware & antivirus sweep).
- Review the services running on the machine and harden its firewall rules, restricting outbound access to what those services actually need.
- Improve employee computer safety training (phishing, installing unapproved software).
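The first triage step, before the malware sweep, is usually to confirm from your own logs which internal host spoke to the endpoint the finding reports, and whether that traffic looks like C2 beaconing (small, regularly spaced connections) or bulk exfiltration. The script below is an added example, not BitSight's code or part of this page; it runs over a constructed outbound flow log against a hypothetical indicator list, and all IP addresses are RFC 5737 documentation addresses rather than real infrastructure. It assumes the finding supplies the destination IP and port.

```python
"""Triage a Botnet Infections finding against local outbound flow logs.

Added example (not BitSight's code). Log lines and indicators are
constructed; addresses are RFC 5737 documentation ranges.
"""
import statistics
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, NamedTuple, Optional, Set, Tuple


class Flow(NamedTuple):
    ts: datetime
    src: str
    dst: str
    dport: int
    nbytes: int


# Hypothetical C2 / sinkhole endpoints reported by the finding.
C2_INDICATORS: Set[Tuple[str, int]] = {("203.0.113.7", 443), ("198.51.100.23", 8080)}

# Constructed outbound flow log: "timestamp src_ip dst_ip dst_port bytes".
# 192.0.2.15 checks in every ~5 minutes with small payloads (beaconing);
# 192.0.2.77 makes two contacts, the second with a large upload;
# 192.0.2.40 only talks to an unrelated, benign destination.
FLOW_LOG = """\
2023-08-16T10:00:02 192.0.2.15 203.0.113.7 443 512
2023-08-16T10:00:08 192.0.2.40 203.0.113.200 443 15300
2023-08-16T10:05:01 192.0.2.15 203.0.113.7 443 498
2023-08-16T10:10:03 192.0.2.15 203.0.113.7 443 505
2023-08-16T10:15:02 192.0.2.15 203.0.113.7 443 511
2023-08-16T10:20:01 192.0.2.15 203.0.113.7 443 500
2023-08-16T10:21:44 192.0.2.77 198.51.100.23 8080 2048
2023-08-16T11:03:17 192.0.2.77 198.51.100.23 8080 73000
"""


def parse_flow_log(text: str) -> List[Flow]:
    """Parse the whitespace-separated flow format above."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append(Flow(datetime.fromisoformat(ts), src, dst, int(dport), int(nbytes)))
    return flows


def c2_contacts(flows: List[Flow], indicators: Set[Tuple[str, int]]) -> Dict[str, List[Flow]]:
    """Group flows whose (dst, port) matches an indicator by internal source host."""
    hits: Dict[str, List[Flow]] = defaultdict(list)
    for f in flows:
        if (f.dst, f.dport) in indicators:
            hits[f.src].append(f)
    return dict(hits)


def beacon_profile(flows: List[Flow], jitter_tolerance: float = 0.1) -> Tuple[Optional[float], bool]:
    """Return (median interval in seconds, periodic?).

    Periodicity needs at least three intervals whose spread around the
    median stays within jitter_tolerance; fewer contacts are reported
    but not called periodic.
    """
    times = sorted(f.ts for f in flows)
    if len(times) < 2:
        return None, False
    intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    median = statistics.median(intervals)
    if len(intervals) < 3 or median <= 0:
        return median, False
    max_dev = max(abs(i - median) for i in intervals)
    return median, max_dev / median <= jitter_tolerance


def triage(log_text: str, indicators: Set[Tuple[str, int]] = C2_INDICATORS) -> Dict[str, dict]:
    """Per internal host that contacted an indicator: contact count, bytes out,
    endpoints seen, and whether the timing looks like regular beaconing."""
    report = {}
    for src, flows in c2_contacts(parse_flow_log(log_text), indicators).items():
        median, periodic = beacon_profile(flows)
        report[src] = {
            "contacts": len(flows),
            "bytes_out": sum(f.nbytes for f in flows),
            "c2_endpoints": sorted({f"{f.dst}:{f.dport}" for f in flows}),
            "beacon_interval_s": median,
            "periodic": periodic,
        }
    return report


if __name__ == "__main__":
    for host, info in triage(FLOW_LOG).items():
        verdict = "periodic beaconing" if info["periodic"] else "contacted C2 indicator"
        print(f"{host}: {verdict}; {info['contacts']} contacts, "
              f"{info['bytes_out']} bytes out to {', '.join(info['c2_endpoints'])}")
```

Hosts that the script surfaces are the ones to isolate and sweep first; a periodic profile points at an implant still checking in, while a small number of contacts with a large byte count is worth treating as possible exfiltration. The jitter tolerance is a tuning knob: real implants add randomized sleep, so widen it if your logs show looser intervals.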
User-requested finding refreshes are not available for Compromised Systems risk vectors.
As a negatively impacting finding ages, you gradually get points back.