Upgrades need to be a part of an ongoing maintenance program. Just ask one prison as the computers that handle the closed circuit television (CCTV) systems ended up compromised by the Conficker worm.
The prison, that remained anonymous, said its representatives insisted all the necessary security measures were in place that could block a malware attack. They said the threats identified by protection software were most likely false positives.
However, after analyzing the incident, Symantec experts discovered unpatched servers – running Windows Server 2003 that allowed the malware to penetrate the organization.
The worst part is the threat may have actually altered the footage recorded by the cameras, forcing the prison’s representatives to catalogue it as “tampered evidence.”
This is a perfect example of how an “outdated” threat could still cause a lot of damage. This case highlights the fact oftentimes organizations fail to properly upgrade and maintain their systems.