fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

FBI: Networks Exposed To Attacks Due To Windows 7 End Of Life

FBI: Networks Exposed To Attacks Due To Windows 7 End Of Life

FBI: Networks exposed to attacks due to Windows 7 end of life

The U.S. Federal Bureau of Investigation (FBI) has warned private industry partners of increased security risks impacting computer network infrastructure because of devices still running Windows 7 after the operating system reached its end of life on January 14.

“The FBI has observed cybercriminals targeting computer network infrastructure after an operating system achieves end of life status,” the FBI said in a private industry notification (PIN) issued yesterday.

“Continuing to use Windows 7 within an enterprise may provide cybercriminals access into computer systems.

“As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered.”

After reaching its end of support earlier this year, Windows 7 no longer receives free software updates and security updates or fixes unless customers get an Extended Security Update (ESU) program subscription that will allow them to receives security updates for an additional three years.

The Extended Security Updates program is available for Windows 7 Professional, Windows 7 Enterprise, and Windows 7 Ultimate only via volume licensing programs, and it does not include or provide customers with new features, user-requested non-security updates, or design change requests.

Even though Microsoft says that upgrading to Windows 10 from Windows 7 for free was only available until July 29, 2016, free Windows 10 upgrades are still a thing if you follow this step by step Windows 10 upgrade procedure that involves running the Media Creation Tool and choosing the ‘Upgrade this PC now’ option on Windows 7 computers.

Windows 7 end of support notification
Windows 7 end of support notification

Also read: 12 brief explanation about the benefits of data protection for business success

Organizations advised to upgrade Windows 7 devices

The FBI cautions that an actively supported operated system is the best way to mitigate newly discovered security flaws since it automatically receives security updates as soon as they’re delivered by the vendor.

Even though the process of migrating a whole fleet of Windows 7 devices to a supported OS comes with its challenges including software and hardware costs, these hurdles are negligible when compared to the security risks organizations face if they don’t take upgrade such systems.

“Increased compromises have been observed in the healthcare industry when an operating system has achieved end of life status,” the FBI says. “After the Windows XP end of life on 28 April 2014, the healthcare industry saw a large increase of exposed records the following year.”

Organizations that cannot immediately update Windows 7 systems to a supported operating system are advised to take the following defensive measures to defend their networks from attacks:

• Ensuring anti-virus, spam filters, and firewalls are up to date, properly configured, and secure.
• Auditing network configurations and isolate computer systems that cannot be updated.
• Auditing your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts.

Windows 7 flaws targeted in previous attacks

The U.S. domestic intelligence and security service also reminds of past vulnerabilities impacting Windows 7, fixed by Microsoft, and later used by threat actors in attacks targeting vulnerable Internet-connected devices.

Among these, the FBI mentions the critical and wormable BlueKeep remote code execution (RCE) vulnerability impacting the Windows Remote Desktop Services (RDS) platform, fixed by Microsoft in May 2019, and of the increasing interest shown by threat actors in compromising devices unpatched against Remote Desktop Protocol (RDP) flaws.

The agency also brings up WannaCry ransomware that used NSA’s ETERNALBLUE exploit and the DOUBLEPULSAR Windows kernel Ring-0 exploit to spread and infect more than 57,000 devices around the world in 2017.

Microsoft patched the vulnerability used by ETERNALBLUE in March 2017 but this did not stop the attacks because Windows 7 users failed to update their systems in time and, in the aftermath, “98 percent of systems infected with WannaCry employed Windows 7 based operating systems,” according to the FBI. 

“With fewer customers able to maintain a patched Windows 7 system after its end of life, cyber criminals will continue to view Windows 7 as a soft target,” the FBI concludes.

Also read: Completed DPIA Example: 7 Simple Helpful Steps To Create

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us