Thursday, August 20, 2020

FBI is Warning of Cyber Attacks against Windows 7 Systems that Reached End-of-Life


 


The Federal Bureau of Investigation is warning companies running Windows 7 systems that they face a greater risk of being hacked because the Microsoft OS reached end of life on January 14.




When an operating system (OS) reaches its "End of Life", users need to pay attention. Once the magic deadline is crossed, the company that owns the rights to the OS stops issuing patches. That means the software is no longer updated to protect against hackers, breachers, and crooks. The longer a user continues to use the OS, the more insecure it becomes as black hats find more and more vulnerabilities and ways to exploit them. It becomes a horrid case of "user beware". This is the reason the companies issue tons of warnings to users to either upgrade or stop. As a way to try to protect businesses, the FBI attempts to warn private industry about these kinds of potential disasters. Here is one such instance...

The FBI has sent a private industry notification (PIN Number 20200803-002) to partners in the US private sector.

“The FBI has observed cyber criminals targeting computer network infrastructure after an operating system achieves end of life status,” reads the FBI’s PIN.

“Continuing to use Windows 7 within an enterprise may provide cyber criminals access into computer systems. As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered.”

“With fewer customers able to maintain a patched Windows 7 system after its end of life, cyber criminals will continue to view Windows 7 as a soft target,” the notification adds.

The Feds urge organizations to upgrade their systems running Windows 7 to newer versions for which the IT giant is still providing security updates.

“Upgrading operating systems to the latest supported version. Ensuring anti-virus, spam filters, and firewalls are up to date, properly configured, and secure.” continues the PIN.

Microsoft still allows its Windows 7 users to upgrade to Windows 10 for free, but sometimes the underlying hardware doesn’t support the free upgrade.

The FBI cited the case of the previous Windows XP migration, in which many systems that were not upgraded remained exposed to a significant number of attacks.

“Increased compromises have been observed in the healthcare industry when an operating system has achieved end of life status. After the Windows XP end of life on 28 April 2014, the healthcare industry saw a large increase of exposed records the following year,” the FBI said.

The experts explained that threat actors could exploit multiple known vulnerabilities impacting Windows 7 to compromise the systems running the popular Microsoft OS.

Working exploits for many of these flaws, such as EternalBlue and BlueKeep, can be found online.

The FBI added that several companies have yet to patch their systems and urged them to apply the upgrade. The agency also provided the following recommendations:

  • Ensuring anti-virus, spam filters, and firewalls are up to date, properly configured, and secure.
  • Auditing network configurations and isolating computer systems that cannot be updated.
  • Auditing your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts.
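
One way to act on the last two recommendations, as an added example that is not part of the FBI notification or the original post: a triage over an asset-inventory export that flags end-of-life Windows hosts and whether RDP is open on them. The CSV column names, host names and action labels are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Windows version prefixes that no longer receive security updates.
# 6.1 is shared by Windows 7 and Server 2008 R2; 5.1 is 32-bit Windows XP.
EOL_VERSIONS = {"6.1": "Windows 7 / Server 2008 R2", "5.1": "Windows XP"}
RDP_PORT = 3389  # default RDP listener

# Hypothetical action labels, most urgent first.
ACTIONS = ("close RDP and isolate or upgrade", "isolate or upgrade",
           "confirm need, add 2FA, log RDP logins", "plan upgrade")

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,os_version,open_ports,isolated
ws-acct-01,6.1.7601,135;445;3389,no
ws-lab-07,6.1.7601,135;445,yes
kiosk-02,5.1.2600,3389,no
ws-hr-11,10.0.19041,3389,no
ws-dev-03,10.0.18363,,no
"""

def eol_name(os_version):
    """Return the EOL product name for a version string, or None if supported."""
    major_minor = ".".join(os_version.strip().split(".")[:2])
    return EOL_VERSIONS.get(major_minor)

def triage(inventory_csv):
    """Return (host, finding, action) tuples, most urgent action first."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        ports = {int(p) for p in row["open_ports"].split(";") if p.strip()}
        rdp = RDP_PORT in ports
        product = eol_name(row["os_version"])
        isolated = row["isolated"].strip().lower() == "yes"
        if product and rdp:
            findings.append((row["host"], product + ", RDP open", ACTIONS[0]))
        elif product and not isolated:
            findings.append((row["host"], product + ", not isolated", ACTIONS[1]))
        elif rdp:
            findings.append((row["host"], "supported OS, RDP open", ACTIONS[2]))
        elif product:
            findings.append((row["host"], product + ", isolated", ACTIONS[3]))
    return sorted(findings, key=lambda f: ACTIONS.index(f[2]))

if __name__ == "__main__":
    for host, finding, action in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {finding:42} -> {action}")
```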
