The Malware Servers risk vector indicates that a system is engaging in malicious activity, such as phishing, fraud, or scams. A finding means the company’s network is hosting malware that is meant to lure visitors to a website or to send a file that injects malicious code or viruses.
See data collection methods or the criteria for classifying findings as Malware Servers.
Risks
Compromised servers can put other devices at risk of infection simply because those devices connect to the company’s resources. This can result in a disruption in business continuity, exposure to additional malware threats, and an increased risk of data breach or data loss.
- Data Exfiltration: Malware can observe and report behavioral information, corporate secrets, or personally identifiable information (social security number, home address, telephone number, email address, etc.).
- Unauthorized access: The malware is able to obtain administrative (super-user) access on the machine by stealing usernames and passwords and can disable security or antivirus software.
- Implies other infections: The malware is often a staging ground for additional malware or viruses to compromise the system. Malware that allows other software to get in (such as adware, spyware, botnets) is called a “backdoor.” Viruses subject the targeted organization to risk of data loss and reputation damage.
- Resource abuse: The malware uses up disk space, network bandwidth, and computer memory (increased CPU/RAM/HDD usage), and can delete files or erase hard drives, for malicious purposes such as performing behind-the-scenes internet fraud. This takes cycles away from legitimate users.
Grading
Compromised Systems risk vectors are graded in the same manner. They are weighted evenly across the risk category and have a lifetime of 180 days.
Remediation
Review Malware Server findings and use forensics to track down infections.
- Prevent the malware from gaining access to the target computer.
- Conduct a thorough security review of the machine (malware & antivirus sweep).
- Review services used on the machine, harden firewall rules.
- Improve employee computer safety training (phishing, installing unapproved software).
Finding Behavior
User-requested refreshes are not available for Compromised Systems risk vectors.
As the negatively impacting finding gets older, you will gradually get points back.
- August 16, 2023: New Grading & Finding Behavior sections.
- May 8, 2020: Updated risk vector description.