| Threat | Port(s) | Description |
| --- | --- | --- |
| Anonymous FTP Server | 21 | Identifies an open anonymous FTP server. By default, many FTP servers do not require a password. |
| Blacklisted IP | | Identifies blacklisted IP addresses. IP addresses can be blacklisted for a number of reasons, including if you recently acquired an IP address that was previously used for nefarious activity. |
| BlueKeep | 3389 | Windows Remote Desktop vulnerability that allows for the possibility of remote code execution. |
| Default Credentials | 21, 22, 23, 80, 443, 8080 | Identifies default credentials on an exposed device. Many IoT devices like IP cameras, DVRs and routers have hard-coded default credentials (usernames and passwords) that are exposed when those devices are connected to a network. |
| EternalBlue Vulnerability | 445 | Detects if port 445 is subject to the EternalBlue vulnerability. Ransomware and malware can be installed on machines that have this vulnerability. Billions of dollars have been lost due to this exploit. |
| Exposed LDAP Directory | 389 | Identifies open access to an LDAP directory. Companies open LDAP access to Active Directory when using cloud apps like Office 365, Google Apps and Citrix. Hackers look for these open connections and can use them to steal employee passwords. |
| Non-Encrypted Database Connection | 1433, 1521, 2483, 3306 | Identifies open access to non-encrypted database ports. Database access open to external IP addresses should be encrypted. Non-encrypted connections can allow hackers to view traffic going to and from your database, including database authentication credentials. |
| Open Firewall | | Inspects the firewall management console when it is accessible from a non-trusted public IP address. Firewall management consoles should only be accessible from inside the network or from trusted external IPs. Hackers search for firewalls where public management access (SSH or HTTPS) was left enabled. |
| Open Mail Relay | 25 | Detects corporate mail servers which accept email for non-corporate domains. Hackers are constantly looking for mail servers that have not been properly configured, which allow them to blast out spam and viruses. |
| Open Remote Desktop | 5900 | Identifies open remote desktop access (RDP or VNC) from public, non-trusted IP addresses. Remote desktop access should only be allowed from trusted external IPs. Hackers search for publicly accessible desktops and then attempt to log in. |
| Open DNS Server | 53 | Identifies an open DNS server exposed to the internet. Corporate DNS servers are designed for machines on your internal network. An overlooked firewall rule can allow hackers to stage attacks using your DNS server. |
| Public Video Feed | 554 | Identifies unsecured IP cameras. Hackers can remotely tap the video feeds on unsecured cameras and seize control of the camera systems. |
| SSL DROWN Vulnerability | 443 | Identifies an active DROWN vulnerability in the SSL library. Patches for DROWN are available for most SSL libraries. Heartbleed, Poodle and DROWN are attacks that allow hackers to steal confidential information from a server running vulnerable SSL software. |
| SSL Heartbleed Vulnerability | 443 | Identifies an active Heartbleed vulnerability in an SSL library. Patches for Heartbleed are available for most SSL libraries. Heartbleed, Poodle and DROWN are attacks that allow hackers to steal confidential information from a server running vulnerable SSL software. |
| SSL Poodle Vulnerability | 443 | Identifies an active Poodle vulnerability in an SSL library. Patches for Poodle are available for most SSL libraries. Heartbleed, Poodle and DROWN are attacks that allow hackers to steal confidential information from a server running vulnerable SSL software. |
| SSL Weak Diffie-Hellman Key Exchange | 443 | Detects a weak Diffie-Hellman key exchange on port 443. This may allow a man-in-the-middle attacker to downgrade the security of a TLS session to 512-bit export-grade cryptography, which is significantly weaker, allowing the attacker to more easily break the encryption and monitor or tamper with the encrypted stream. |
| Unsecure Document Access Vulnerability | 80, 8080, 443 | Identifies unsecured document access on a device. |
| Unauthenticated Access | 5900 | Detects if port 5900 is subject to exploitation via an unauthenticated access vulnerability. |
| VxWorks Vulnerability | | Vulnerabilities in VxWorks' TCP stack could allow an attacker to execute arbitrary code, launch a DoS attack, or use the vulnerable system to attack other devices. |
| Threat | Description |
| --- | --- |
| Spyware | Malicious software that is designed to take partial or full control of a computer's operation without the knowledge of its user, or any software that secretly gathers information about a person or organization. |
| Botnets | A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. |
| Malware | Malicious computer software that interferes with normal computer functions or sends personal data about the user to unauthorized parties over the Internet. |
| IoT Malware | Traffic to an IoT malware command and control or distribution domain has been detected from an IoT device. |
| Malicious Websites | A malicious website is a site that attempts to install malware (software that will disrupt computer operation, gather your personal information or, in a worst-case scenario, gain total access to your machine) onto your device. This usually requires some action on your part; however, in the case of a drive-by download, the website will attempt to install software on your computer without asking for permission first. |
| MegaUpload Malware | Traffic to seized Megaupload domains has been detected on an IoT device. These domains have been seen directing devices to malicious sites. |
| Unwanted Software | Traffic to a number of domains associated with unwanted software has been detected from an IoT device. This indicates that the device may be running unwanted software, which could have performance and security impacts. |
| MyBrowser Bar | Mybrowserbar.com uses adware to hijack your browser and installs advertising software without the user's knowledge. |
| Auslogics PC Repair Adware | PUP.Optional.AuslogicsBoostSpeed is adware that promises to clean up invalid registry entries; however, Microsoft strongly urges users not to use this method. |
| Komodia SSL Hijacker | Komodia allows hackers to access data that was encrypted using SSL and perform on-the-fly SSL decryption. The hijacker uses Komodia's Redirector platform to allow easy access to the data and the ability to modify, redirect, block, and record the data without triggering the target browser's certificate warning. |
| VoluumTrk Mobile Adware | Voluumtrk.com is a site that powers dangerous web advertisements. Voluumtrk adware floods the victim's computer screen with untrustworthy ads, which usually look suspicious at first sight. Voluumtrk PUP mostly generates ads with captions such as "You have won!", "You are the lucky visitor!", "Please install to continue" and so on. |
| ShopAtHome Toolbar | ShopAtHome Toolbar Malware is a potentially dangerous program that shares a lot of similarities with adware. ShopAtHome Toolbar Malware has been known to attempt to phish for user data, run all kinds of scams and even install additional viruses. |
| SaveFrom Downloader | SaveFrom Downloader is a potentially unwanted program that performs malicious actions once installed on the computer. |
| ReImagePlus Adware | The ReimagePlus.com virus alters a browser's configuration by observing consumer browsing behavior and frequently targeting them with ads. Redirects and advertisements are two common symptoms of the Reimage virus. Some of the browsers the ReimagePlus virus can corrupt are Chrome, Firefox, Internet Explorer and Safari. |
| PcKeeper Adware | This software was intentionally designed to invariably and ominously report that the consumer's PC needs repair and is at risk due to harmful errors, privacy threats, and other problems, regardless of the computer's actual condition. |
| MacKeeper Adware | This software was intentionally designed to invariably and ominously report that the consumer's Mac needs repair and is at risk due to harmful errors, privacy threats, and other problems, regardless of the computer's actual condition. |
| Smart TV DNS Hijacker | |
| MindSpark Toolbar | PUP.Optional.MindSpark.A is deemed a potentially unwanted program that performs malicious actions once installed on the computer. |
| Proxy Avoidance | Proxy avoidance is a means by which Internet users are able to browse websites that may otherwise be blocked by a network administrator. The term is something of a misnomer, however, in that it is the use of a proxy that provides the very avoidance of the blocking mechanisms in place. So, in essence, a user isn't avoiding a proxy so much as using a proxy to circumvent another means by which access to a specific website or service is being denied. In many cases, these blocking methods are yet another proxy or service. |
| Adult Content | Traffic to a number of domains associated with adult content has been detected from an IoT device. |
| Peer-To-Peer Activity | Peer-to-Peer (P2P) networking refers to networks in which peer machines distribute tasks or workloads among themselves. P2P networks are commonly used on the Internet to directly share files or content between two or more machines. Content shared via P2P applications is sometimes infected with malware, sometimes contains legally protected copyrighted material, or may sometimes contain personal data accidentally shared. |
| Palikan Browser Hijacker | Palikan is a home page hijacker that uses a custom-built Chromium browser, which is the open source version of Google Chrome. This browser will display the Palikan.com home page when you open it and will also make all searches go through the Palikan.com site. |
| Cryptojacking | The unauthorized use of computing resources to mine cryptocurrencies. |