There are two disquieting developments that security watchdogs at Cisco and Fortinet are discussing online. Because they are related and have to do with the increased risk exposure enterprises and users have to using old operating systems, particularly the looming end of life support of by Microsoft of Windows XP on April 8, hopefully this is a call to action for those who are vulnerable.
Please note that I am providing the links to the respective blogs on these items below. It is important that you read them in their entirety.
Cisco security pros find Linux 2.6 kernel have been compromised
The first item to note as the sub-headline states was the publication on March 20 of a blog by Martin Lee, Technical Lead, Threat Intelligence, Cisco Security Intelligence Operations entitled, “Mass Compromise of the Obsolete.”
As the chart from Cisco illustrates, this bad boy is spreading fast.
He goes on to explain how this is done:
There are additional charts and advice in the blog, including the suggestion that organizations despite potential disruptions to business as usual need to weigh the risks of using operating systems that old and either unmaintained or unsupported. These systems need to be upgraded, monitored to detect to assure they have not been compromised and ideally should be replaced.
The Windows XP problem
Lee sites as an example of an old OS that needs to be watched Windows XP. It happens to be a perfect segue into the Fortinet blog by Guillaume Lovet, Senior Manager of Fortinet’s EMEA FortiGuard Labs, Will Windows XP be the new playground for cybercriminals after April 8, 2014? In short, the answer to this question is contained in Lovet’s conclusion:
“Understand that the key to staying on Windows XP is not being connected to the Internet. If that’s not possible, it’s highly recommended that you migrate to another operating system because it is certain that there will be an upsurge of attacks targeting XP vulnerabilities to extract sensitive information (competitive information, credit card numbers …) from these systems.”
While Lovet starts his blog by saying it is not clear that after April 8 you or your company will become a target, his caveat above that the only way to stay safe is to not have Windows XP connected to the Internet says all you really need to know.
Again, it is urged that you read the blog in its totality. Lovet walks readers through why the decision to upgrade is not an easy one. This discussion includes the observation that there are not insubstantial costs that upgrading to a next generation OS are likely to entail, particularly the need to replace existing hardware as current systems may not be capable of running newer OSs.
To drive home the point about the serious nature of what is about to transpire, Lovet notes that 95 percent of automatic teller machines globally rely on computers running Windows XP, and the same is true of most of the SCADA (Supervisory Control and Data Acquisition) used by electric utilities. And, while he is careful to note that while the ATMs and SCADA devices themselves would be difficult to compromise because they are not directly connected to the Internet, it does make the calculus as to what to migrate, how and when that much more complex.
It turns out that April 15 may be a day of dread in the U.S. because it is tax day, but for those who are responsible for risk management April 8 is looming large in the window (pardon the play on words). This does not mean that day will be Armageddon, but it does mean that understanding its implications and having a plan that gets C-level buy-in is something that commands attention sooner rather than later.
Although a new and emerging technology, (which is still evolving), in early 2018, most companies are not aware of the possible benefits they can achie…
VR could change everything from how we play video games to how we interact with our friends and family. VR has the power to change how we consume all …
The app economy is upon us, and businesses of all stripes are moving to address it. In this age of digital transformation, businesses rely on applicat…
There is no denying that VR is here and will most likely only increase in velocity as a terminal speed is yet to be even hypothesized. That is why it …
In 2001, Google brought Eric Schmidt on board as CEO. To 10 years later become executive chairman, and continue to serve in this capacity through rest…