Cyber Alert: Computer Network Infrastructure Vulnerable to Windows 7 End of Life Status, Increasing Potential for Cyber Attacks

Just the previous day, the FBI issued a warning about using Windows 7 as your computer’s operating system. Because Microsoft has discontinued support and updates for Windows 7, the system is no longer as safe, and attacks on systems running Windows 7 will increase. This is what the FBI sent out on the 13th of August:

The following information is being provided by the FBI, with no guarantees or warranties, for potential use at the sole discretion of recipients to protect against cyber threats. This data is provided to help cybersecurity professionals and system administrators guard against the persistent malicious actions of cyber actors. This product was coordinated with DHS-CISA.

Summary

The FBI has observed cybercriminals targeting computer network infrastructure after an operating system achieves the end of life status. Continuing to use Windows 7 within an enterprise may provide cybercriminals access to computer systems. As time passes, Windows 7 becomes more vulnerable to exploitation due to a lack of security updates and new vulnerabilities discovered. Microsoft and other industry professionals strongly recommend upgrading computer systems to an actively supported operating system. Migrating to a new operating system can pose its own unique challenges, such as cost for new hardware and software and updating existing custom software. However, these challenges do not outweigh the loss of intellectual property and threats to an organization. 

Threat Overview

On 14 January 2020, Microsoft ended support for the Windows 7 operating system, which includes security updates and technical support unless certain customers purchased an Extended Security Update (ESU) plan. The ESU plan is paid per-device and available for Windows 7 Professional and Enterprise versions, with an increasing price the longer a customer continues to use it. Microsoft will only offer the ESU plan until January 2023. Continued use of Windows 7 creates the risk of cybercriminal exploitation of a computer system.

·       As of May 2019, an open-source report indicated 71 percent of Windows devices used in healthcare organizations ran an operating system that became unsupported in January 2020. Increased compromises have been observed in the healthcare industry when an operating system has achieved the end of life status. After the Windows XP end of life on 28 April 2014, the healthcare industry saw a large increase of exposed records the following year.

·       Cybercriminals continue to find entry points into legacy Windows operating systems and leverage Remote Desktop Protocol (RDP) exploits. Microsoft released an emergency patch for its older operating systems, including Windows 7, after an information security researcher discovered the RDP vulnerability called BlueKeep in May 2019. Since the end of July 2019, malicious RDP activity has increased with the development of a working commercial exploit for the BlueKeep vulnerability. Cybercriminals often use misconfigured or improperly secured RDP access controls to conduct cyber attacks. The xDedic Marketplace, taken down by law enforcement in 2019, flourished by compromising RDP vulnerabilities around the world.

·       In 2017, roughly 98 percent of systems infected with WannaCry employed Windows 7 based operating systems. After Microsoft released a patch in March 2017 for the computer exploit used by the WannaCry ransomware, many Windows 7 systems remained unpatched when the WannaCry attacks began in May 2017. With fewer customers able to maintain a patched Windows 7 system after its end of life, cybercriminals will continue to view Windows 7 as a soft target.

Recommendations

Defending against cybercriminals requires a multilayered approach, including validation of current software employed on the computer network and validation of access controls and network configurations. Consideration should be given to:

·       Upgrading operating systems to the latest supported version.

·       Ensuring anti-virus, spam filters, and firewalls are up to date, properly configured, and secure.

·       Auditing network configurations and isolating computer systems that cannot be updated.

·       Auditing your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts.

Reporting Notice

The FBI encourages individuals to report information concerning suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch). Field office contacts can be identified at www.fbi.gov/contact-us/field. CyWatch can be contacted by phone at (855) 292-3937 or by e-mail at CyWatch@fbi.gov. When available, each report submitted should include the date, time, location, type of activity, number of people, and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.
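The alert's recommendation to audit for RDP use and log RDP login attempts only helps if those logs are reviewed. As an added example (not part of the FBI alert or of this blog's original text), the Python script below scans an exported Windows Security log for bursts of failed remote logons and for a successful RDP logon that follows such a burst; the CSV layout, host names, addresses, window and threshold are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export of Windows Security events (not real data).
# 4625 = failed logon, 4624 = successful logon. LogonType 10 is RemoteInteractive
# (RDP); with NLA enabled, failed RDP logons are recorded as LogonType 3.
SAMPLE_EVENTS = """TimeCreated,Computer,EventID,LogonType,TargetUserName,IpAddress
2020-08-13T02:10:01,WS-LAB-07,4625,3,administrator,203.0.113.50
2020-08-13T02:10:09,WS-LAB-07,4625,3,administrator,203.0.113.50
2020-08-13T02:10:17,WS-LAB-07,4625,3,admin,203.0.113.50
2020-08-13T02:10:26,WS-LAB-07,4625,3,backup,203.0.113.50
2020-08-13T02:10:40,WS-LAB-07,4625,3,administrator,203.0.113.50
2020-08-13T02:11:30,WS-LAB-07,4624,10,administrator,203.0.113.50
2020-08-13T08:02:11,WS-FIN-02,4625,3,jsmith,198.51.100.7
2020-08-13T08:02:40,WS-FIN-02,4624,10,jsmith,198.51.100.7
2020-08-13T08:15:00,WS-FIN-02,4625,2,jsmith,-
"""

WINDOW = timedelta(minutes=5)  # assumed tuning values, adjust per environment
THRESHOLD = 5

def find_rdp_bruteforce(csv_text, window=WINDOW, threshold=THRESHOLD):
    """Flag failed-logon bursts per (host, source IP) and a success that follows one."""
    recent = defaultdict(deque)  # (host, ip) -> failure timestamps inside the window
    bursting = set()             # pairs currently at or past the threshold
    alerts = []
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["TimeCreated"])
    for row in rows:
        if row["LogonType"] not in ("3", "10"):
            continue  # local and service logons are out of scope here
        ts = datetime.fromisoformat(row["TimeCreated"])
        key = (row["Computer"], row["IpAddress"])
        failures = recent[key]
        while failures and ts - failures[0] > window:
            failures.popleft()  # drop failures older than the window
        if not failures:
            bursting.discard(key)  # burst has aged out; a new one can alert again
        if row["EventID"] == "4625":
            failures.append(ts)
            if len(failures) >= threshold and key not in bursting:
                bursting.add(key)
                alerts.append(("failure_burst", key[0], key[1], row["TargetUserName"]))
        elif row["EventID"] == "4624" and row["LogonType"] == "10" and key in bursting:
            alerts.append(("success_after_burst", key[0], key[1], row["TargetUserName"]))
    return alerts

if __name__ == "__main__":
    print(*find_rdp_bruteforce(SAMPLE_EVENTS), sep="\n")
```

LogonType 3 also covers other network logons such as file-share access, so a failure burst is a lead to confirm against RDP-specific logs rather than proof of RDP guessing. A `success_after_burst` alert on a host that cannot be patched is the case to triage first.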

We are blogging this one just to help spread the message so that you, our readers, are aware of the security risks of not updating to a newer, supported operating system. Our expert security team can help you get security awareness training for your employees, as well as a thorough and cost-effective risk analysis so that you won’t have to worry about a thing. Cybersecurity is hard to figure out by yourself. Why not get some help from us? Schedule a consultation with us or request a quote today!

Our mission is to assist organizations in developing and implementing practices to secure data and comply with regulations. With several years of experience in the IT and health care industries, databrackets is poised to meet the needs of your organization via: - Consulting Services - Online, Do-it-yourself Toolkits for Security Risk Assessment - Education (Training, Webinar, and Workshops) For details on how databrackets can provide customized assistance for your organization, please contact us at info@databrackets.com.
