It’s a frightening fact. Virus and malcode attacks continue to occur on regular basis — not just for their own sake, but also as a diversionary tactic for attackers to work their way deeper into the business. While these threats are well-known, and remediation techniques have existed for a number of years, people often forget that viruses and malware can be resurrected from old media, such as backup tape, or from old machines that have been set aside and then brought out again for use. These threats can then be dumped like a toxin into the bloodstream of the network. Malware writers create variants of old threats frequently. They then use bits and pieces of old threats in both tried-and-true and novel ways. That’s why it’s important to remain aware and protected against them.
Did you know that Microsoft will no longer support Windows XP after April, 2014? For many companies — especially those outside North America and Western Europe — upgrading to Windows 7 or 8 is not a cost-effective prospect. Legacy control systems and peripherals may not be supported on Windows 7 or 8.Smaller companies and those outside more mature western regions cannot afford to change entire systems just because of an OS upgrade.
A large number of devices still operate on XP. According to IDC, approximately 30-40 percent of the Windows base is on XP, and XP experienced a fair amount of malware when in mainstream use. If you need support and XP is no longer supported by Microsoft, you will have to pay for that support. There is speculation that there will be a deluge of malware targeting XP because of these vulnerabilities. Security research firms are gearing up on XP vulnerabilities and exploits just as criminals and espionage attackers are waiting for XP expiration to launch malcode.
Some companies may be lulled into the temptation to not pay for XP support. Why bother? It’s a dinosaur. Who would want to attack it? That’s a bad idea. Companies that simply load anti-virus or anti-malware products off the Internet and then look the other way risk serious consequences. The goal of the exploits launched against endpoints is not to take control of the XP machine but to gain access to the network and to escalate threat actor privilege.
These legacy devices with rarefied operating systems will be the new points of entry into the network. Malware is a tool hactivists use to disable machines for destructive purposes. Espionage detection might take 6-12 months or longer — and several months to remediate the compromise. The likely scenario is that your company may never know what was compromised: which servers, databases, and what information.
A better strategy is to assess the environment proactively and make sure that newer, emerging threats are protected against while concurrently running the old standby anti-viral and anti-malware programs. Make sure to work with a provider that will engage with you from endpoint to the edge, including the support that you might need for previous operating systems.
This blog is co-authored by Christian Christiansen, Program Vice President, Security Products and Services, IDC
For more information on the changing security landscape, read the IDC Whitepaper , sponsored by AT&T, below: