Microsoft Windows 7 will no longer receive security patches. Cyber criminals will try to target businesses that still haven’t upgraded.It’s estimated that 200 million PC users are still running Windows 7.
UK’s National Cyber Security Centre – the cyber arm of the GCHQ intelligence service – issued a warning over the continued use of Windows 7 PCs and laptops, telling users they shouldn’t use Windows 7 devices when accessing personal data.
Businesses hold data on large groups of people and it’s not beyond the realms of possibly that attackers could exploit new vulnerabilities uncovered in Windows 7 to maliciously infiltrate networks via phishing or malware attacks and gain access to that data. The global WannaCry ransomware attack of May 2017 demonstrated how vulnerable machines that haven’t received security updates can be to hackers.
Cyberattacks aren’t going to disappear overnight; security teams should be working to protect their organisations’ networks. If they don’t upgrade soon, then worst-case scenario could be another WannaCry-style attack.” said Nir.
Businesses may be reluctant to purchase more recent versions of Windows, but being without security updates is incredibly dangerous, and the risk of financial and reputational damage is huge. For those who don’t have a clear plan to move away from Windows 7, it is about time to create one.
There’s still the potential that there could be some Windows 7 devices left lurking on the network or staff BYODs. If you don’t take stock of your network to see how much Windows 7 you really have, then the chances are the cybercrooks will do it for you,
June saw a big jump in Phorpiex a notorious botnet campaign known for distributing a number of malware and spam campaigns, including largescale sextortion email campaigns, has surged in activity over the past month, with cyber criminals. Phorpiex detections grew to such an extent that it was the second most detected malware campaign during June, and 2% of organisations were targeted by the botnet.
The botnet sends out spam emails that attempt to deliver a malicious payload to victims to power an Avaddon ransomware campaign. Attempts to lure victims into opening a Zip file attachment in a phishing email that uses a wink emoji as the subject. It might sound like a basic form of cyberattack, but criminals use what works.
Phorpiex – which is also known as Trik – has been used to distribute spam campaigns for other forms of ransomware, including GandCrab and Pony, as well as being used to mine for cryptocurrency on infected machines.
The most commonly detected malware during June was Agent Tesla, an advanced remote access trojan that was detected targeting 3% of organisations. Agent Tesla is an information stealer and a keylogger, providing attackers with the ability to see absolutely everything on the infected computer, including usernames, passwords, browser history, system information and more – everything needed to very much compromise a network.
XMRig, an open-source cryptocurrency mining malware uses the CPU power of infected machines to generate Monero. It has been active since May 2017. The remainder of the top 10 most wanted malware for June is made up of familiar names including Dridex, Trickbot, Ramnit and Emotet – staples of cyber-criminal activity, either stealing information, or being used as the start of more destructive campaigns. For example, Trickbot and Emotet are often used as the first stage of largescale ransomware attacks.
Many of the common forms of malware rely on exploits and vulnerabilities that have long been known, so can be protected against by applying security patches, which in some cases have been available for years
Malicious hackers are targeting factories and industrial environments with a wide variety of malware and cyberattacks including ransomware, cryptocurrency miners – and in some cases they’re actively looking to shut down or disrupt systems.
A lack of basic protections can open the door to a relatively straightforward ransomware or cryptojacking attack that could have serious consequences for the bottom line.
To protect against cyber criminals and hackers, industrial environments should:
– Have the minimum number of open ports facing the internet and access control policies should be tightened with unique and strong passwords for each system.
– Use Two-factor authentication to help prevent attackers from gaining access to environments.
– Ensure that systems are regularly updated with relevant security patches in order to ensure that cyber criminals can’t take advantage of known vulnerabilities to gain access to networks.
