Rise in Cyber Attacks in Middle East Expected as Support for Microsoft Windows XP Ends Today 8th April
Published Apr 8, 2014
Microsoft is going to deliver its final security update to Windows XP today, April 8, before permanently discontinuing support for the platform. Patches for Internet Explorer 8 on Windows XP will also cease to be produced.
Legacy software like Windows XP is common in niche industries: medical equipment, ATMs, point of sale systems that run businesses and handle credit card data, industrial control systems used by power companies, kiosks, displays in hotels and airports, etc. It is very common in the Middle East to see the default Windows XP screen saver on restaurant computer terminals. Many of these systems will likely remain in use after Microsoft stops providing security patches because of the cost to upgrade and a fear of disrupting business.
As new vulnerabilities are discovered that could allow hackers to gain access, these systems won’t be able to repel attacks. Just how bad is this threat? A few data points illustrate the severity of no longer receiving security patches for newly discovered vulnerabilities:
> 20 of 88 vulnerabilities currently being exploited in the wild by exploit kits apply to Windows XP and its components
> A review of the patches released in 2013 shows several dozen affecting Windows XP and its components
> The market share of Windows XP is just under 30%.
“It is possible for technicians to implement defensive measures that mitigate risk as new vulnerabilities are discovered, but that requires an advanced understanding of Windows internals, network security, and sophisticated hacking techniques. Most of the people supporting these niche systems don’t have that level of expertise,” says Paul Wright, manager of professional services and investigation team, Middle East, India and Africa at AccessData.
“The main concerns are the possible future outcomes, which could include the theft of cash from ATMs, credit card data theft from point of sale systems, espionage against systems that support our critical infrastructure, extortion, theft of personal information, and disruptive attacks that take systems offline. All these attack outcomes will result in significant losses for the affected victims, both monetary and reputational. As was witnessed in the wake of the Target security breach in the US, there’s a tremendous impact on customer confidence that directly translates into lost profit, lawsuits, and regulatory fines.”
The Middle East will witness high profile attacks early this year directly related to the vulnerabilities in Windows XP being exploited. Only then will organizations make it a priority to upgrade equipment. The information security community witnessed the same thing happen when Windows 98 and Windows 2000 were retired.
If an organization still relies on Windows XP, it is strongly recommended that it start planning now to move to either Windows 7 or Windows 8 to avert future problems. If there is unwillingness to upgrade, there are some steps that can be taken to reduce the risk:
> Do not use production business systems such as point of sale terminals for risky activities like web browsing and email.
> On personal computers, use other web browsers that will continue to be supported, such as Google Chrome or Mozilla Firefox.
> Install exploit mitigation software such as the Microsoft Enhanced Mitigation Experience Toolkit (EMET), which has been known to prevent unpatched vulnerabilities from being exploited successfully.
Posted by
VMD - [Virtual Marketing Department]