- August 16, 2023: New Grading & Finding Behavior sections.
- May 8, 2020: Updated risk vector description.
The Malware Servers risk vector is an indication that a system is engaging in malicious activity, such as phishing, fraud, or scams. It means that a company’s network is hosting malware that is meant to lure visitors to a website or send a file that injects malicious code or viruses.
Compromised servers can put other devices at risk of infection when those devices simply connect to the company’s resources. This can result in a disruption in business continuity, exposure to additional malware threats, and an increased risk of data breach or data loss.
- Data exfiltration: Malware can observe and report behavioral information, corporate secrets, or personally identifiable information (social security number, home address, telephone number, email address, etc.).
- Unauthorized access: The malware is able to obtain administrative (super-user) access on the machine by stealing usernames and passwords and can disable security or antivirus software.
- Implies other infections: The malware is often a staging ground for additional malware or viruses to compromise the system. Malware that allows other software to get in (such as adware, spyware, botnets) is called a “backdoor.” Viruses subject the targeted organization to risk of data loss and reputation damage.
- Resource abuse: The malware can delete files, erase hard drives, and use up disk space, network bandwidth, and computer memory (increased CPU/RAM/HDD usage) to perform behind-the-scenes internet fraud. This takes cycles away from legitimate users.
Compromised Systems risk vectors are graded in the same manner. They are weighted evenly across the risk category and have a lifetime of 180 days.
- Prevent the malware from gaining access to the target computer.
- Conduct a thorough security review of the machine (malware & antivirus sweep).
- Review services used on the machine and harden firewall rules.
- Improve employee computer safety training (phishing, installing unapproved software).
User-requested refreshes are not available for Compromised Systems risk vectors.
As the negatively impacting finding gets older, you will gradually get points back.