Product service for Windows XP ends April 8 and that means more organizations will end up caught flat-footed without a secure platform, even though Microsoft delivered the end of cycle information quite a long time ago.
Knowing this, there are businesses and individuals that don’t plan to replace their Windows XP systems even after support for these systems ends in April. In light of this, Tim Rains, director of the Trustworthy Computing Group at Microsoft shared some of the specific threats to Windows XP-based systems that attackers may attempt after support ends, so users can understand the risks.
The cyber threats discussed come from data and insights from recent volumes of the Microsoft Security Intelligence Report. This report includes aggregate data on the threats that hundreds of millions of systems around the world encounter – many of which are successfully blocked by Microsoft antivirus software and the security features built into Windows, Internet Explorer, Bing, and other Microsoft products and services.
This data gives a good picture of the tactics that attackers have been using to try to compromise computer systems, including which attacks end up used most often on Windows XP systems.
Attackers’ motivations have changed over the past decade. Ten years ago attackers primarily wanted to make a name for themselves through notoriety for each malicious act they completed. Today, attackers typically steal personal and business information from the systems they go after and try to keep a lower profile, as the goal is financial profit. The attackers that steal the information from computer systems sometimes choose to trade or sell that stolen information to other criminals to use for identity theft and bank fraud schemes.
The types of attacks that we expect to target Windows XP systems after April 8 will likely reflect the motivations of modern day attackers. Cybercriminals will work to take advantage of businesses and people running software that no longer has updates available to repair issues. Over time, attackers will evolve their malicious software, malicious websites, and phishing attacks to take advantage of any newly discovered vulnerabilities in Windows XP, which post April 8, will no longer get a patch.
Here is a list Rains compiled of risks that Windows XP based systems might encounter:
RISK 1: SURFING THE INTERNET: New exploits for Windows XP will likely end up added to cyber security exploit kits sold/leased to attackers. Surfing the Internet on Windows XP based systems after April 8 will become more risky as new exploits for Windows XP go out.
Guidance: Since browsing the Internet is a risky proposition if running on out-of- support systems like Windows XP after April, users should limit where they go to on the Internet to help manage the risk.
RISK 2: OPENING EMAIL AND USING INSTANT MESSAGING (IM): Many attacks typically start with a well-constructed phishing attack via email. The email will likely contain the Internet address (also known as a URL) to a malicious website constructed for unsupported Windows XP based systems. The email could also have a specially crafted malicious attachment that when opened, exploits an unpatched Windows XP vulnerability, potentially giving attackers control of the system. Attackers have also used Instant Messaging (IM) to deliver malicious URLs and attachments.
Guidance: Malicious email messages are a very common tactic attackers use to gain entry to systems. Given this, it would be prudent to avoid using Windows XP systems to send or receive email. Avoid clicking on links or opening attachments sent via email or IM.
RISK 3: USING REMOVABLE DRIVES: Attackers can attempt to use USB drives and other types of removable drives to distribute malware that seeks to leverage new vulnerabilities in Windows XP to compromise systems.
Guidance: This is a common way that Windows XP systems get infected with malware. Some customers have decided to physically block access to USB ports on systems in their organizations in an attempt to block this type of threat. Connecting removable storage devices to Windows XP systems should be avoided.
RISK 4: WORMS WILL USE ANY NEWLY DISCOVERED VULNERABILITIES TO ATTACK WINDOWS XP: Malware purveyors will likely integrate new vulnerabilities targeting Windows XP, into malware that tries to multiply. The success of the virus named Conficker, to infect systems in enterprise environments, illustrates that security firewalls and strong password policies are still not comprehensively used. Organizations that continue to run Windows XP after support ends, should be on guard for this type of threat in their environment.
Guidance: Review any exceptions you allow, through firewalls, in your environment. Only keep the exceptions in your firewall rules that you really need.
RISK 5: RANSOMWARE: We have seen a large uptick in ransomware in recent years. Attackers use this type of malware to extort users into paying them to unencrypt files that the malware has encrypted on their system, or to unlock the system’s desktop. After April 8, attackers will likely attempt to use unpatched vulnerabilities on Windows XP based systems to distribute ransomware. This type of attack can have a crippling impact on small businesses and consumers that lose access to important data or systems.
Guidance: Restoring data from backup is a good way to recover from a ransomware infection. More frequent backups of data stored on Windows XP systems or that Windows XP systems have access to, would be prudent.