Microsoft Trustworthy Computing Group (TwC) director Tim Rains issued the warning in a blog post, advising businesses still using XP that they will be putting themselves and their customers at increased risk.
"Today, attackers typically steal personal and business information from the systems they go after and try to keep a lower profile, as the goal is financial profit more regularly than mischievous disruption or ego," read the post.
"The types of attacks that we expect to target Windows XP systems after 8 April 2014 will likely reflect the motivations of modern-day attackers. Cyber criminals will work to take advantage of businesses and people running software that no longer has updates available to repair issues."
Rains highlighted the danger posed by self-replicating malware, such as the Conficker worm, as a particularly dangerous threat, warning that once the cut-off occurs it will be close to impossible to stop the malware spreading.
"Malware purveyors will likely integrate new vulnerabilities targeting Windows XP, into malware that tries to multiply. The success of the virus named Conficker, to infect systems in enterprise environments, illustrates that security firewalls and strong password policies are still not comprehensively used," read the post.
"Organisations that continue to run Windows XP after support ends, should be on guard for this type of threat in their environment."
Conficker is an infamous worm that was first discovered targeting Windows users in November 2008. The malware was designed to create a criminal botnet and at its peak is believed to have infected as many as 15 million machines.
Rains highlighted ransomware as another key threat facing Windows XP users. "We have seen a large uptick in ransomware in recent years. Attackers use this type of malware to extort users into paying them to unencrypt files that the malware has encrypted on their system, or to unlock the system's desktop," read the post.
"After April 2014, attackers will likely attempt to use unpatched vulnerabilities on Windows XP-based systems to distribute ransomware. This type of attack can have a crippling impact on small businesses and consumers that lose access to important data or systems."
Rains is one of many security experts to warn SMEs about the danger a successful cyber attack can pose. Security firm AVG told V3 in September 2013 that SMEs' lax attitudes to security is leaving them one cyber attack away from bankruptcy.
Worse still, Rains said following the cut-off, businesses will be more susceptible to basic cyber attacks, such as phishing and drive-by downloads. He said businesses may mitigate the threat by disconnecting XP systems from the internet, but argued that the safest policy will be to upgrade to a newer version of Windows.
"The guidance above provides suggestions towards managing some of the risks of running Windows XP post 8 April. However, the primary thrust of our advice is clear: the best option is to migrate to a modern operating system like Windows 7 or Windows 8 that have a decade of evolved security mitigations built in and will be supported after 8 April 2014," read the post.
Rains is one of many security professionals to warn businesses to avoid using Windows XP after the cut-off. Experts from numerous companies told V3 that criminals are hoarding exploits in preparation for an XP hacking rampage earlier in March. Security firm Malwarebytes pledged to support Windows XP for as long as possible in a bid to shield its users from the hacking rampage.
No comments:
Post a Comment