Types of Insecure Systems

Explanation:

Systems in this category are mobile devices that have rootkit capabilities disguised as a debug tool, and are reaching out to unregistered domains.

^{[1] [2]}

Risks:

• Domain owners can push new firmware versions, hence controlling/hijacking the mobile device.
• Firmware can send out unauthorized detailed information about the device.

Explanation:

Systems in this category are reaching out to abandoned torrent tracker domains for information about files to download via BitTorrent.

Learn more about File Sharing trackers.

Risks:

• Attackers can set up false trackers and inject false information.
• Trackers can instruct clients to fetch files from an arbitrary list of systems, with false or dangerous content.

• Expired Torrent Tracker
• Gnutella Domains

Explanation:

Systems in this category are using an abandoned domain for proxy configuration.

^{[3] [4]}

Risks:

• Domain owners can control browser navigation when proxies are used.
• Expired internal domains may have other severe implications.

Explanation:

Systems in this category are reaching out to Windows NetBios networks via an abandoned domain.

^{[5] [6]}

Risks:

• Windows/NetBios connections represent a vulnerability because the NetBios protocol has known security vulnerabilities and is a common attack target.
• Domain owners can interact with endpoints, potentially hijacking Windows Challenge/Response (NTLM) authentication credentials.

Explanation:

Systems in this category have applications which are either no longer maintained (the software has been “abandoned”* by its developers) or are communicating to the wrong servers; in either case, there is software present that is reaching out to an unregistered domain.

Risks:

• The app sends detailed information regarding how the device is being used, which could be used by attackers to gain access to the device.
• Domain owners could potentially leverage app functionalities to exfiltrate more information or gain a certain level of control over the device.

• Go Contacts Pro
• Auto Words With Friends Cheats
• Itiva Internet Accelerator

Explanation:

Systems in this category are smart TV systems and other media systems that are reaching out to abandoned domains*.

Risks:

Endpoint** is reaching out to unused IPTV platform related services, which may allow attackers to capture endpoint data.

• Abandoned IPTV platform.
• Abandoned live TV add-on.
• Abandoned media hub.
• Abandoned swarmcast media.

Explanation:

Systems in this category involve either software that is responsible for automatically providing updates, or network or other hardware used in business environments, that is reaching out to abandoned domains*.

Risks:

• Attackers can potentially interact with endpoint** devices, simulating the endpoint management solution.
• Endpoints will not be able to install security and firmware updates, since they cannot reach the intended service, and may remain vulnerable to a number of attacks.

• Symantec Patch Management
• McAfee Corporate Antivirus
• McAfee ePolicy Orchestrator
• Microsoft Server Update Services
• Symantec Endpoint Protection Manager
• Honeywell HVAC Controllers
• My DLink Service
• TR-069 Protocol
• Citrix Receiver PN Agent

Explanation:

Systems in this category have Lightweight Directory Access Protocol (LDAP) services running, which are used to manage information about an organization's employees, systems, and applications in the network; these services are reaching out to abandoned domains*.

Risks:

Attackers that hijack the abandoned domains may be able to interact with endpoints**, and obtain sensitive information.

Explanation:

Systems in this category are reaching out to Windows NetBios networks via abandoned domains*.

^{[5] [6]}

Risks:

• Windows/ NetBios connections represent a vulnerability because the NetBios protocol has known security vulnerabilities and is a common attack target.
• Domain owners can interact with endpoints**, potentially hijacking Windows Challenge/Response (NTLM) authentication credentials.