When classifying observations as Potentially Exploited events, we look for the presence of potentially unwanted programs (PUP) and potentially unwanted applications (PUA).
These types of software usually present a low risk to the organization. The impact of these types of events on security ratings are much lower than the impact of a malware infection. However, the presence of these types of software still present the following risks:
- These types of software are known to collect data on the users in an abusive way, which can affect system performance by constantly displaying ads or makes the system slower;
- There is an indirect risk of infection with its ability to install malware or direct the user’s browser to malicious advertising websites;
- Indicates a lack of control of the software installed on endpoint devices (e.g., users able to install software, control over approved software);
- Indicates that users have a low security-awareness. There are risks when installing software, as these types of software usually originate from unknown/untrusted sources.
For the above reasons, we have chosen to use these events as a way to measure the security posture of organizations.
Examples
- One indication that a host may be exploited is the presence of spyware, for the purpose of displaying relevant advertisements.
- Adware is purposely bundled with, or integrated into, legitimate software as a way to offset development costs, especially if the software is distributed for free.
Publication Date – January 13, 2020
Feedback
0 comments
Please sign in to leave a comment.