Massive risk in operating outdated software

Dubai: Cybercriminals gain their attention towards a technology when it has a larger footprint like Microsoft on PC or when the systems is highly critical which could bring a financial gain or a production loss. Any technology which falls to these criteria always is susceptible to attacks.

“The upcoming deadline for Windows XP is something that presents a big opportunity to cybercriminals as they will then be able to uncover vulnerabilities without worry of Microsoft providing patches,” said Ghareeb Saad, senior security researcher, global research and analysis team at Kaspersky Lab.

It is already worrying that as recently as November 2013, Microsoft admitted to the presence of a zero-day vulnerability that only affected Windows XP and Server 2003 users.

Saad said the most attacked and vulnerable operating system is Windows XP Professional. From Kaspersky Security Network statistics we received more than 1,240 million attack notifications on Windows XP in 2013, which represent about 28 per cent of all attack notifications.

Running outdated and therefore unsupported versions of software represents a massive risk for users. Java 6 is a fine example of this. In February 2013, Oracle stopped providing updates and patches for the platform. Merely six months later, the industry witnessed a tremendous spike in both the volume and sophistication of attacks that exploit the vulnerabilities of Java 6. And because Oracle no longer provides patches for the platform, these exploits become cumulative and the platform becomes less secure with each passing day.

“Cybercriminals often reverse-engineer released patches to check which flaws that have been addressed and use that knowledge to target older, especially unsupported version of the software,” said Pradeesh VS, General Manager at ESET Middle East.

“Hackers will no doubt be keen to target the large pool of newly vulnerable users. and antivirus vendors too will reduce or even completely abandon their efforts to update their solutions for this operating system leading to a scenario wherein new developments in the field of AV technology will completely bypass Windows XP,” Nicolai Solling, Director of Technology Services at Help AG, said in a statement.

He said that with no fixes available, a large number of components vital to the Middle East’s payment industry will now be significantly less secure than before.